Cybersecurity researchers have found three malicious packages on the npm registry that pose as a popular Telegram bot library but contain SSH backdoors and data exfiltration capabilities. The packages are named node-telegram-utils, node-telegram-bots-api, and node-telegram-util, and all have low download counts. Users are advised to be cautious and to avoid downloading these packages.
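To check whether a project already pulls in one of the three names above, directly or transitively, the lockfile is the place to look. The following is an added example, not code from the researchers or from npm: `findFlagged` and the sample lockfiles are constructed for illustration, and it assumes the standard `package-lock.json` layouts (nested `dependencies` in version 1, a flat `packages` map in versions 2 and 3).

```javascript
// Added example: report the three package names from the article if they
// appear anywhere in a parsed package-lock.json (exact name match only).
const FLAGGED = new Set([
  "node-telegram-utils",
  "node-telegram-bots-api",
  "node-telegram-util",
]);

// v2/v3 keys look like "node_modules/a/node_modules/b"; the package name is
// whatever follows the last "node_modules/". The root entry "" has no name.
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

function findFlagged(lock) {
  const hits = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(key);
    if (name && FLAGGED.has(name)) hits.push({ name, version: meta.version, path: key });
  }
  // v1 lockfiles have only the nested tree; v2 repeats it, so skip it there.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path: path.join(" > ") });
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not real projects).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-bot", version: "1.0.0" },
  "node_modules/left-helper": { version: "2.1.0" },
  "node_modules/left-helper/node_modules/node-telegram-util": { version: "0.0.1" },
  "node_modules/node-telegram-utils-extra": { version: "1.0.0" }, // similar name, not flagged
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "left-helper": { version: "2.1.0", dependencies: {
    "node-telegram-bots-api": { version: "0.0.1" } } },
} };

console.log(findFlagged(SAMPLE_V3), findFlagged(SAMPLE_V1));
```

For a real project, pass in the result of `JSON.parse` on the contents of `package-lock.json`; any hit means the package was resolved into the dependency tree and the install should be treated as compromised.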