Critical Telnyx Python SDK Backdoor on PyPI Steals Cloud Credentials

Sarah simpson
March 30, 2026 5 Min Read

Key Takeaways

  • A sophisticated supply chain attack compromised two versions (4.87.1 and 4.87.2) of the Telnyx Python SDK on PyPI, live for approximately four hours on March 27, 2026.
  • The malicious packages, uploaded by the TeamPCP threat actor, silently installed a multi-stage credential harvester across Windows, Linux, and macOS systems.
  • The malware used steganography to hide payloads within WAV files, collected a wide array of sensitive data including cloud credentials and SSH keys, and established persistence.
  • The attack highlights a growing trend of advanced supply chain compromises, with TeamPCP previously targeting other major cybersecurity and development tools.
  • Affected organizations must assume a full breach, perform extensive incident response, and rotate all compromised credentials immediately.

A critical backdoor was covertly introduced into a widely adopted Python package on the PyPI repository, enabling attackers to silently compromise systems without the knowledge of affected developers. This incident, involving the Telnyx Python SDK, represents a significant escalation in software supply chain attacks.

On March 27, 2026, a threat group identified as TeamPCP uploaded two malicious iterations of the Telnyx Python SDK to PyPI, the primary distribution platform for Python software packages. These compromised versions, 4.87.1 and 4.87.2, remained available for approximately four hours before PyPI administrators intervened and removed them.

During this brief window, any developer or automated system executing a standard package installation command could have been silently infected. The malicious code operated without errors, warnings, or any visible indications of compromise, making detection difficult for unsuspecting users.

The Telnyx package is not a niche library; it boasts approximately 750,000 monthly downloads. This broad usage implies a substantial potential impact, extending beyond direct users to encompass dependent projects, continuous integration/continuous deployment pipelines, and various services. The precision of this attack is particularly alarming: only a single file within the package was altered, with all other components remaining byte-for-byte identical to the legitimate version. The malicious code executed automatically upon the library’s import, requiring no user interaction, clicks, or configuration.

Analysts at Hexastrike identified this attack as part of a larger, rapidly evolving supply chain campaign orchestrated by TeamPCP, a group believed to be affiliated with the notorious TeamTNT threat actor. Researchers noted that TeamPCP had previously targeted prominent tools like Aqua Security’s Trivy, Checkmarx, LiteLLM, and over 46 npm packages within a mere nine-day span. Each subsequent attack demonstrated increasing sophistication, with the Telnyx compromise being the most refined version observed to date.

The attack unfolded in a three-stage process. Initially, the trojanized package activated a platform-specific loader. This loader then retrieved a hidden payload from a remote server, cunningly concealed within a WAV audio file using steganography. Finally, the decoded payload deployed a comprehensive credential harvester. This harvester surreptitiously collected SSH keys, cloud provider credentials, Kubernetes secrets, database configurations, cryptocurrency wallets, and environment variables. The stolen data was then encrypted and transmitted to an attacker-controlled server. The malware was designed to operate across all major operating systems and possessed the capability to propagate throughout entire Kubernetes clusters by deploying privileged pods on every node.
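The WAV carrier is the one stage of this chain that lands on disk or passes a proxy as a file, so it is worth having an inspector for it. The script below is an added example and not code from the article or from Hexastrike's analysis: it walks the RIFF chunk list of a WAV file, searches the audio frames for executable and script signatures, and measures their Shannon entropy, because a packed or XOR-encoded binary stored in place of PCM samples pushes the byte distribution close to 8 bits per byte where genuine audio sits far lower. Both sample files are constructed inline (a quiet sine tone and a PE magic followed by pseudo-random bytes); the 7.5-bit threshold is an assumption to tune against your own audio corpus.

```python
import math
import random
import struct
from collections import Counter

# Byte signatures that have no business inside PCM audio frames.
SUSPICIOUS_MAGIC = {
    b"MZ": "Windows PE header",
    b"\x7fELF": "ELF header",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit header",
    b"#!/": "script shebang",
    b"import ": "Python source text",
}
# Assumed threshold: real PCM audio is far from uniform, while packed or
# XOR-encoded binaries approach 8 bits per byte. Tune on genuine audio.
ENTROPY_THRESHOLD = 7.5


def parse_wav_chunks(blob: bytes) -> dict:
    """Walk the RIFF chunk list and return {chunk_id: payload_bytes}."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE container")
    chunks, pos = {}, 12
    while pos + 8 <= len(blob):
        cid = blob[pos:pos + 4]
        size = struct.unpack("<I", blob[pos + 4:pos + 8])[0]
        chunks[cid] = blob[pos + 8:pos + 8 + size]
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to even length
    return chunks


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the byte histogram of `data`."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_wav(blob: bytes) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    chunks = parse_wav_chunks(blob)
    frames = chunks.get(b"data", b"")
    if b"fmt " not in chunks or not frames:
        return ["missing fmt or data chunk; not a playable WAV"]
    for magic, description in SUSPICIOUS_MAGIC.items():
        if magic in frames:
            findings.append(f"{description} at frame offset {frames.index(magic)}")
    entropy = shannon_entropy(frames)
    if entropy > ENTROPY_THRESHOLD:
        findings.append(f"frame entropy {entropy:.2f} bits/byte exceeds {ENTROPY_THRESHOLD}")
    return findings


def build_wav(frames: bytes, sample_rate: int = 8000) -> bytes:
    """Wrap raw 8-bit mono PCM frames in a minimal WAV container (constructed helper)."""
    fmt = struct.pack("<HHIIHH", 1, 1, sample_rate, sample_rate, 1, 8)
    body = (b"WAVEfmt " + struct.pack("<I", len(fmt)) + fmt
            + b"data" + struct.pack("<I", len(frames)) + frames)
    return b"RIFF" + struct.pack("<I", len(body)) + body


def benign_sample() -> bytes:
    """A quiet sine tone: what an ordinary ringtone's frames look like."""
    frames = bytes(128 + int(40 * math.sin(2 * math.pi * i / 50)) for i in range(4096))
    return build_wav(frames)


def stego_sample() -> bytes:
    """Constructed stand-in for a carrier: a PE magic followed by pseudo-random
    bytes, mimicking a packed binary stored where audio should be. No real
    executable is involved."""
    frames = b"MZ" + random.Random(1234).randbytes(4094)
    return build_wav(frames)


if __name__ == "__main__":
    for name, sample in (("benign", benign_sample()), ("carrier", stego_sample())):
        print(name, inspect_wav(sample) or "clean")
```

The magic scan catches carriers whose payload is stored in the clear; the entropy check is the one that matters for the XOR-encoded payload described here, since XOR with a fixed key preserves the byte distribution's flatness even though it hides the signatures.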

How the Infection Mechanism Was Built to Stay Hidden

The entire attack chain was initiated by a subtle modification within the _client.py file. When the Telnyx library is loaded in Python, code within this file is automatically executed.

TeamPCP inserted two function calls at the end of this file: setup() for Windows systems and FetchAudio() for Linux and macOS. Both functions first checked the operating system and returned silently when run on the other platform. To ensure stealth, every error was caught and discarded by a blanket exception handler, so the host application never crashed or logged anything that might raise an alert.

To obscure the true purpose of these functions, the attackers encoded all sensitive strings—including URLs, file paths, filenames, and HTTP headers—using base64, so a quick code review was unlikely to reveal the malicious intent. Once decoded, the Windows code path downloaded a file named hangup.wav from a command-and-control server at 83.142.209.203:8080. Despite its name, this was not an audio file but a valid WAV container with an executable binary hidden in its audio frames through steganography. The binary was extracted, XOR-decoded, and written to the Windows Startup folder as msbuild.exe, a name deliberately chosen to mimic a legitimate Microsoft tool. It launched without a visible window and ran automatically at every user login.
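Every trait described above is visible in the syntax tree: a call at module scope, a long base64 literal that decodes to a URL or path, and an except clause that swallows everything. The script below is an added example, not code from the article or from Telnyx, that audits a Python source file for those three traits with only the standard library. The source it audits is constructed to mirror the structure of the trojanized loader; its URL uses an RFC 5737 documentation address (203.0.113.10) rather than the real server, and nothing in the sample is ever executed, only parsed.

```python
import ast
import base64
import binascii
import re

# Long runs of base64 alphabet only; short tokens produce too many false positives.
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
# Decoded content worth flagging: URLs, dotted IPs, binaries, audio carriers,
# the Startup folder, temp paths and custom HTTP headers.
INTERESTING_RE = re.compile(
    r"https?://|\d{1,3}(?:\.\d{1,3}){3}|\.exe\b|\.wav\b|\bStartup\b|/tmp/|X-[\w-]+:")


def decode_if_base64(text: str):
    """Return the decoded printable text if `text` is base64, else None."""
    if len(text) % 4 or not BASE64_RE.match(text):
        return None
    try:
        decoded = base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return decoded if decoded.isprintable() else None


def audit_source(source: str, filename: str = "<module>") -> list:
    """Flag import-time calls, encoded indicators and silent blanket handlers."""
    tree = ast.parse(source, filename)
    findings = []

    # 1. An expression statement at module level runs the moment the file is
    #    imported, which is how setup()/FetchAudio() fired from _client.py.
    for node in tree.body:
        if isinstance(node, ast.Expr) and isinstance(node.value, ast.Call):
            findings.append({"kind": "import_time_call", "line": node.lineno,
                             "detail": ast.unparse(node.value)})

    for node in ast.walk(tree):
        # 2. String literals that are really base64-encoded URLs, paths or headers.
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            decoded = decode_if_base64(node.value)
            if decoded and INTERESTING_RE.search(decoded):
                findings.append({"kind": "encoded_string", "line": node.lineno,
                                 "detail": decoded})
        # 3. `except:` or `except Exception:` whose body is nothing but `pass`.
        elif isinstance(node, ast.ExceptHandler):
            broad = node.type is None or (
                isinstance(node.type, ast.Name)
                and node.type.id in ("Exception", "BaseException"))
            silent = all(isinstance(stmt, ast.Pass) for stmt in node.body)
            if broad and silent:
                findings.append({"kind": "silent_except", "line": node.lineno,
                                 "detail": ast.unparse(node.type) if node.type else "bare except"})
    return findings


# Constructed sample in the shape of the trojanized loader. The URL is a
# documentation address standing in for the real server; nothing here runs.
PLACEHOLDER_URL = "http://203.0.113.10:8080/hangup.wav"
ENCODED_URL = base64.b64encode(PLACEHOLDER_URL.encode()).decode()
SAMPLE_SOURCE = f'''
import base64
import platform


class Client:
    """Legitimate-looking API client that the rest of the package uses."""

    def __init__(self, api_key):
        self.api_key = api_key


def FetchAudio():
    try:
        if platform.system() == "Windows":
            return
        url = base64.b64decode("{ENCODED_URL}").decode()
        return url  # the trojan fetched and decoded its carrier from here
    except Exception:
        pass


FetchAudio()
'''


if __name__ == "__main__":
    for finding in audit_source(SAMPLE_SOURCE, "sample_client.py"):
        print(f"line {finding['line']:>3}  {finding['kind']:<18} {finding['detail']}")
```

Run over an unpacked wheel or sdist before it reaches a build agent, this turns the "single altered file" problem into a diff-sized review: a legitimate SDK client module has no reason to contain any of the three findings.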

On Linux and macOS, the methodology differed but maintained the same level of stealth. Instead of dropping a file, the code decoded a substantial Python payload stored in a variable and executed it as a detached child process. This process persisted even after the parent application closed. It proceeded to download a second WAV file, ringtone.wav, extracted a hidden Python harvester from its audio data, and ran the script entirely in memory, avoiding any disk writes. Once the harvester completed its credential collection, the results were encrypted using AES-256-CBC, and the session key was then wrapped with a hardcoded RSA-4096 public key, ensuring only the attacker could decrypt the stolen data. The bundled information was then transmitted to the attacker’s server via an HTTP POST request, featuring the header X-Filename: tpcp.tar.gz. This unique header serves as a consistent signature across all known TeamPCP campaigns, making it a valuable network-level detection indicator.
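The X-Filename header, the command-and-control address and the checkmarx.zone domain are the indicators in this write-up that live outside the host, so they can be matched in egress proxy or API-gateway logs regardless of how the host itself was obfuscated. The detector below is an added example and not part of the original report. It assumes a proxy that writes one JSON object per request carrying the destination IP, the Host header and the request headers (a constructed format), and it matches only the indicators the article itself gives; the sample lines use RFC 5737 documentation addresses for everything but those indicators.

```python
import ipaddress
import json

# Indicators taken from the write-up above.
BLOCKED_NETWORKS = [ipaddress.ip_network("83.142.209.0/24")]
BLOCKED_DOMAINS = {"checkmarx.zone"}
EXFIL_HEADER, EXFIL_VALUE = "x-filename", "tpcp.tar.gz"


def classify_request(record: dict) -> list:
    """Return the reasons a single proxy record matches the TeamPCP indicators."""
    reasons = []
    try:
        dst = ipaddress.ip_address(record.get("dst_ip", ""))
        if any(dst in net for net in BLOCKED_NETWORKS):
            reasons.append(f"destination {dst} in blocked range")
    except ValueError:
        pass  # record without a parseable destination address
    # Normalise the Host header: case, trailing dot, and a :port suffix.
    host = (record.get("host") or "").lower().rstrip(".").split(":", 1)[0]
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        reasons.append(f"host {host} is a known C2 domain")
    headers = {k.lower(): str(v) for k, v in (record.get("headers") or {}).items()}
    if headers.get(EXFIL_HEADER, "").lower() == EXFIL_VALUE:
        reasons.append("X-Filename: tpcp.tar.gz exfiltration signature")
    return reasons


def scan_proxy_log(lines) -> list:
    """Run every JSON-lines record through classify_request; skip malformed lines."""
    alerts = []
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        reasons = classify_request(record)
        if reasons:
            alerts.append({"line": number, "src_ip": record.get("src_ip"),
                           "method": record.get("method"), "reasons": reasons})
    return alerts


# Constructed sample log (assumed format: one JSON object per request).
SAMPLE_LOG = """
{"src_ip": "10.20.0.14", "dst_ip": "203.0.113.5", "host": "files.pythonhosted.org", "method": "GET", "path": "/simple/telnyx/", "headers": {"User-Agent": "pip/24.0"}}
{"src_ip": "10.20.0.14", "dst_ip": "83.142.209.203", "host": "83.142.209.203:8080", "method": "GET", "path": "/hangup.wav", "headers": {"User-Agent": "python-requests/2.31"}}
{"src_ip": "10.20.0.14", "dst_ip": "198.51.100.20", "host": "upload.checkmarx.zone", "method": "POST", "path": "/", "headers": {"X-Filename": "tpcp.tar.gz", "Content-Type": "application/octet-stream"}}
{"src_ip": "10.20.0.31", "dst_ip": "203.0.113.9", "host": "reports.example.com", "method": "POST", "path": "/upload", "headers": {"X-Filename": "q1-report.pdf"}}
not json at all
"""


if __name__ == "__main__":
    for alert in scan_proxy_log(SAMPLE_LOG.strip().splitlines()):
        print(f"line {alert['line']}: {alert['src_ip']} {alert['method']} -> {', '.join(alert['reasons'])}")
```

Keep the header match exact rather than matching any X-Filename header: the fourth sample line shows a legitimate upload that uses the same header name, and the value tpcp.tar.gz is what the report identifies as the campaign-wide signature.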

What You Should Do

  • Organizations must treat any system that installed Telnyx Python SDK versions 4.87.1 or 4.87.2 as compromised and initiate immediate incident response procedures.
  • Rotate all credentials accessible from affected systems, including SSH keys, AWS, GCP, and Azure credentials, Kubernetes tokens, Docker credentials, database passwords, API keys, and any secrets stored in environment files.
  • Simply uninstalling the package is insufficient to remove persistence. Manual removal steps are critical:
    • Linux: Delete ~/.config/sysmon/sysmon.py and its associated systemd service.
    • Windows: Remove msbuild.exe from the Startup folder and delete the hidden .lock file.
    • Kubernetes: Audit and remove any pods named node-setup-* in the kube-system namespace. Check every node for an unexpected systemd service named sysmon.service.
  • Developers should enforce strict dependency pinning to exact versions and utilize lockfiles to prevent unexpected package updates.
  • Enable two-factor authentication (2FA) on all PyPI accounts and related development platforms.
  • Employ short-lived credentials wherever possible and avoid storing sensitive secrets directly in .env files on disk.
  • Implement firewall rules to block all outbound connections to 83.142.209.203, checkmarx.zone, and the broader 83.142.209.0/24 subnet.
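The removal steps above are easy to miss on a fleet, so they are worth turning into a check that runs on every host and against a cluster dump. The script below is an added example, not the article's or Telnyx's code: it reports whether an affected SDK version is installed, which of the named persistence artifacts exist, and which kube-system pods match node-setup-*. Its assumptions: a `kubectl get pods -n kube-system -o json` dump is passed in as text rather than the script calling kubectl; the "associated systemd service" is looked for at ~/.config/systemd/user/sysmon.service and /etc/systemd/system/sysmon.service (the article gives no path); macOS hosts are checked for the same ~/.config/sysmon/sysmon.py as Linux since both ran the same loader; and the Windows artifact is looked for in the per-user Startup folder. The hidden .lock file is omitted because the article does not say where it lives.

```python
import fnmatch
import json
import platform
from importlib import metadata
from pathlib import Path
from typing import Optional

AFFECTED_VERSIONS = {"4.87.1", "4.87.2"}

# Persistence artifacts from the advisory, relative to the user's home directory.
# The systemd unit locations are assumptions; the write-up names no path.
LINUX_HOME_ARTIFACTS = [
    Path(".config/sysmon/sysmon.py"),
    Path(".config/systemd/user/sysmon.service"),
]
LINUX_SYSTEM_ARTIFACTS = [Path("etc/systemd/system/sysmon.service")]  # relative to /
WINDOWS_HOME_ARTIFACTS = [
    Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/msbuild.exe"),
]


def version_is_affected(version: Optional[str]) -> bool:
    """True when the installed telnyx version is one of the two trojanized releases."""
    return version is not None and version.strip() in AFFECTED_VERSIONS


def installed_telnyx_version() -> Optional[str]:
    """Version string from the installed distribution metadata, or None if absent."""
    try:
        return metadata.version("telnyx")
    except metadata.PackageNotFoundError:
        return None


def persistence_artifacts(home: Path, system: str, root: Path = Path("/")) -> list:
    """Return the advisory's persistence artifacts that exist under `home` (and `root`)."""
    if system == "Windows":
        candidates = [home / rel for rel in WINDOWS_HOME_ARTIFACTS]
    else:
        # Linux per the advisory; macOS is checked the same way as an assumption.
        candidates = ([home / rel for rel in LINUX_HOME_ARTIFACTS]
                      + [root / rel for rel in LINUX_SYSTEM_ARTIFACTS])
    return [path for path in candidates if path.exists()]


def suspicious_pods(kubectl_json: str) -> list:
    """Names of kube-system pods matching node-setup-* in a `kubectl ... -o json` dump."""
    document = json.loads(kubectl_json)
    return [
        item["metadata"]["name"]
        for item in document.get("items", [])
        if item["metadata"].get("namespace") == "kube-system"
        and fnmatch.fnmatch(item["metadata"]["name"], "node-setup-*")
    ]


def triage(home: Path = Path.home(), system: str = platform.system(),
           kubectl_json: Optional[str] = None) -> dict:
    """Combine the three checks into one report; `compromised` is True if any fires."""
    version = installed_telnyx_version()
    report = {
        "telnyx_version": version,
        "affected_version": version_is_affected(version),
        "persistence": [str(p) for p in persistence_artifacts(home, system)],
        "pods": suspicious_pods(kubectl_json) if kubectl_json else [],
    }
    report["compromised"] = bool(
        report["affected_version"] or report["persistence"] or report["pods"])
    return report


# Constructed kubectl output with one planted pod name among ordinary ones.
SAMPLE_KUBECTL_JSON = json.dumps({"items": [
    {"metadata": {"name": "coredns-5d78c9869d-abcde", "namespace": "kube-system"}},
    {"metadata": {"name": "node-setup-7k2pq", "namespace": "kube-system"}},
    {"metadata": {"name": "node-setup-ignored", "namespace": "default"}},
]})


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))          # this host, no cluster dump
    print(suspicious_pods(SAMPLE_KUBECTL_JSON))    # the constructed cluster sample
```

A version check alone is not a clean bill of health: a host that installed 4.87.1 and later upgraded still has the persistence artifacts, which is why the file and pod checks are reported independently and any one of them marks the host as compromised.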

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.
