It is probably a false positive as openhab downloads that from the repository and it is not packaged by anyone in our project.
I upped the version of that library a few weeks ago. So if you upgrade to the latest milestone it will be a different version and it may not trip the virus protection.
I downloaded the 3.2.0 milestone and the Bitdefender scan came to the same result: Java.Trojan.GenericGBA.30456
E:\openHAB3\addons\openhab-addons-3.2.0.M3.kar=>repository=>org=>openhab=>addons=>bundles=>org.openhab.binding.telegram=>3.2.0.M3=>org.openhab.binding.telegram-3.2.0.M3.jar=>com/pengrad/telegrambot/passport/decrypt/Aes256Cbc$Aes256.class
I also downloaded the 3.2.0 snapshot and the Bitdefender scan came to the same result: Java.Trojan.GenericGBA.30456
E:\openHAB3\addons\openhab-addons-3.2.0-SNAPSHOT.kar=>repository=>org=>openhab=>addons=>bundles=>org.openhab.binding.telegram=>3.2.0-SNAPSHOT=>org.openhab.binding.telegram-3.2.0-SNAPSHOT.jar=>com/pengrad/telegrambot/passport/decrypt/Aes256Cbc$Aes256.class
I am not currently using telegram. However, I am planning to use it in the future.
I downloaded the file directly from the mvn repo (both 5.2.0 and 5.3.0) and scanned it with this website: VirusTotal - Home
The result was 8 out of 58 tools giving a positive to what you posted. I suspect it is a false positive but it should be reported at the link in my last post.