Base64-encoded commands are executed from init.py, which exfiltrate Telegram session data.
{ "malicious-packages-origins": null }