COSMICBYTEZLABS
NEWS

Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV Audio

Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside a WAV audio file using steganographic techniques.

Dylan H.

News Desk

March 28, 2026
4 min read

Hackers known as TeamPCP have compromised the Telnyx package on the Python Package Index (PyPI), uploading backdoored versions that deliver credential-stealing malware concealed inside a WAV audio file. The attack represents a sophisticated supply chain compromise targeting developers and organizations using the popular Telnyx Python SDK for communications APIs.

What Is Telnyx

Telnyx is a cloud communications platform offering voice, SMS, fax, and data services via APIs. The telnyx Python package is the official SDK used by developers to integrate Telnyx's communications services into Python applications. It is widely used in SaaS products, call centers, healthcare communication platforms, and enterprises with programmatic telephony needs.

The Supply Chain Attack

TeamPCP gained access to the Telnyx PyPI account and uploaded malicious versions of the telnyx package. Developers who installed or upgraded the compromised version unwittingly pulled the backdoored package into their environments.

Malware Concealment via WAV Steganography

The backdoored package includes a WAV audio file that appears benign on casual inspection. The malicious payload, a credential stealer, is hidden inside that audio file using steganographic techniques. Steganography conceals data inside a carrier file (here an audio file) in a way that is not apparent on inspection and is designed to evade security tooling that scans for obvious malware signatures.

The package installs normally and may appear fully functional, reducing the likelihood that developers will immediately notice something is wrong. The WAV file is extracted and decoded at runtime to retrieve and execute the malware payload.
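The article says the stealer was hidden inside a WAV file but not how it was encoded, so the one thing a defender can do generically is triage the audio assets a package ships. The script below is an added example in Python (not code from the article, from Telnyx or from the attacker): it does not decode anything, it parses the RIFF/WAVE container and flags deviations that a benign audio asset has no reason to show, such as bytes appended after the declared RIFF structure or chunk ids outside a conservative allow-list. The allow-list, the entropy heuristic and the sample files built by `make_wav()` are assumptions of the example.

```python
"""Structural triage of WAV files bundled in an installed Python package.

Added example, not code from the article, from Telnyx or from TeamPCP. It
parses the RIFF/WAVE container and reports structural anomalies so a reviewer
knows which files deserve a closer look; it never executes or decodes anything.
"""
import math
import struct
from collections import Counter
from pathlib import Path

# Chunk ids a plain WAV asset legitimately carries (assumption: conservative allow-list).
EXPECTED_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"PEAK", b"bext"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the data chunk; near 8.0 looks compressed or encrypted.
    Informational only: loud PCM audio is also fairly high-entropy."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_wav(blob: bytes) -> dict:
    """Walk the RIFF chunk list and return structural findings for one file."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return {"valid_riff": False, "chunks": [], "data_entropy": None,
                "findings": ["not a RIFF/WAVE file"]}

    findings = []
    declared_end = 8 + struct.unpack("<I", blob[4:8])[0]  # RIFF size excludes its 8-byte header
    if declared_end < len(blob):
        findings.append(f"{len(blob) - declared_end} trailing bytes after RIFF structure")
    elif declared_end > len(blob):
        findings.append("RIFF size larger than file (truncated or corrupt)")

    pos, chunks, data_entropy = 12, [], None
    end = min(declared_end, len(blob))
    while pos + 8 <= end:
        cid = blob[pos:pos + 4]
        csize = struct.unpack("<I", blob[pos + 4:pos + 8])[0]
        body = blob[pos + 8:pos + 8 + csize]
        chunks.append(cid.decode("ascii", "replace"))
        if cid not in EXPECTED_CHUNKS:
            findings.append(f"unexpected chunk {cid!r} ({csize} bytes)")
        if cid == b"data":
            data_entropy = shannon_entropy(body)
        pos += 8 + csize + (csize & 1)  # chunk bodies are padded to an even length

    if "data" not in chunks:
        findings.append("no data chunk")
    return {"valid_riff": True, "chunks": chunks,
            "data_entropy": data_entropy, "findings": findings}


def scan_package_dir(root: Path) -> dict:
    """Map every .wav below a package directory (e.g. site-packages/telnyx) to its findings.
    Locate the directory on disk; do not import a suspect package to find it, since
    importing runs its code."""
    return {str(p): inspect_wav(p.read_bytes())["findings"] for p in root.rglob("*.wav")}


def make_wav(samples: bytes, extra_chunks=(), trailing: bytes = b"") -> bytes:
    """Build a minimal 8-bit mono PCM WAV in memory (constructed sample input)."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 8000, 1, 8)  # PCM, mono, 8 kHz, 8-bit
    body = b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
    for cid, payload in extra_chunks:
        body += cid + struct.pack("<I", len(payload)) + payload + b"\0" * (len(payload) & 1)
    body += b"data" + struct.pack("<I", len(samples)) + samples + b"\0" * (len(samples) & 1)
    return b"RIFF" + struct.pack("<I", len(body)) + body + trailing


if __name__ == "__main__":
    silence = bytes([128]) * 1000
    for label, blob in [("clean", make_wav(silence)),
                        ("trailing-bytes", make_wav(silence, trailing=b"X" * 40)),
                        ("odd-chunk", make_wav(silence, extra_chunks=[(b"junk", b"abc")]))]:
        print(label, inspect_wav(blob)["findings"])
```

A clean asset yields no findings; a file with data appended past the declared RIFF size, or with a chunk id that no audio tool writes, is flagged for manual review. An empty findings list is not a clean bill of health: a payload written into the sample data itself passes this check, which is why the entropy figure is reported alongside rather than used as a verdict.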

Credential Stealer Payload

Once the hidden malware is decoded from the WAV file and executed, it acts as a credential stealer targeting:

  • Environment variables — harvesting API keys, database credentials, and cloud provider tokens commonly stored in .env files or shell environments on developer workstations
  • Browser-stored credentials — passwords, session cookies, and stored logins from Chromium- and Firefox-based browsers
  • SSH keys and configuration files — private keys and known_hosts files that could enable lateral movement
  • Cloud provider configuration — AWS credentials (~/.aws/credentials), GCP service account keys, and Azure CLI tokens

Stolen credentials are exfiltrated to attacker-controlled infrastructure. In developer environments, these credentials often represent broad access to cloud infrastructure, CI/CD pipelines, source code repositories, and production systems.

Why PyPI Supply Chain Attacks Are High Impact

The telnyx package attack follows a pattern of supply chain compromises targeting PyPI and other package registries. Developers implicitly trust packages they install from official registries, and package installation often occurs in automated pipelines (CI/CD), meaning the malicious code may execute in highly privileged environments without direct human observation.

Developer machine compromises via supply chain attacks are particularly valuable to threat actors because:

  • Developer workstations typically hold credentials to numerous high-value systems
  • Code signing keys and deployment credentials may be accessible
  • Source code and intellectual property can be exfiltrated
  • Pivoting from a compromised developer machine into cloud infrastructure is often straightforward

TeamPCP

TeamPCP is a threat actor group observed conducting supply chain attacks against the Python ecosystem via PyPI. The group has previously been linked to campaigns targeting communications and developer tooling packages. Their use of steganography to conceal payloads within audio files is a notable evolution in their obfuscation tradecraft, making detection by static analysis tools more difficult.

What Affected Developers Should Do

Any developer or organization using the telnyx Python package should take immediate action:

  1. Check installed version — Verify which version of the telnyx package is installed in your environment (pip show telnyx)
  2. Check for malicious versions — Consult PyPI advisories or the Telnyx GitHub repository for the list of known-compromised version numbers
  3. Remove and reinstall — Uninstall the package and reinstall only a verified clean version
  4. Rotate all credentials — Assume any credentials accessible from the environment where the package was installed are compromised: API keys, cloud credentials, database passwords, SSH keys, and browser-stored passwords
  5. Audit CI/CD pipelines — If the package was used in automated build or deployment pipelines, treat all credentials used in those pipelines as compromised and rotate them immediately
  6. Scan for indicators — Use endpoint detection tools to scan for malware indicators associated with this campaign

Broader Defence Against PyPI Supply Chain Attacks

  • Pin package versions in requirements.txt or pyproject.toml and use hash verification to detect unexpected changes
  • Use private package mirrors with package validation for production environments
  • Monitor PyPI advisories and subscribe to security alerts for packages in your dependency tree
  • Apply least privilege to environments where packages are installed — limit the credentials accessible from build and dev environments
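The following Python script is an added example, not code from the article or from Telnyx, that mechanises two of the items above: the first two response steps (read the installed telnyx version without importing the package, and compare it to a list of compromised versions) and the first defence item (a requirements file is only protected by hash verification when every line is pinned and carries a `--hash`). `KNOWN_BAD` and the digest inside `SAMPLE_REQUIREMENTS` are placeholders; the article does not name the affected version numbers, so the real list comes from the PyPI advisories or the Telnyx GitHub repository.

```python
"""Audit a requirements file for hash-locked pins and check the installed
telnyx version against a known-bad list.

Added example, not code from the article or from Telnyx. KNOWN_BAD and the
sample digest are placeholders to be replaced from the published advisory.
"""
import re
from importlib import metadata

# PLACEHOLDER: package -> compromised versions, to be filled from the advisory.
KNOWN_BAD = {"telnyx": {"9.9.9"}}

REQ_LINE = re.compile(r"^([A-Za-z0-9_.-]+)\s*==\s*([A-Za-z0-9_.+!-]+)")
HASH_OPT = re.compile(r"--hash=sha256:([0-9a-f]{64})")

# Constructed sample; the digest is a placeholder, not a real telnyx wheel hash.
SAMPLE_REQUIREMENTS = """\
# digests come from: pip hash <downloaded wheel or sdist>
telnyx==9.9.9 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
requests>=2.0
httpx==0.27.0
"""


def normalize(name: str) -> str:
    """PEP 503 style normalisation so Telnyx, telnyx and TELNYX compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text: str, known_bad: dict) -> list:
    """Findings for unpinned lines, pins without --hash, and pins of known-bad versions.

    pip switches on hash-checking mode as soon as any requirement carries a
    --hash and then refuses to install anything that lacks one, so every line
    must be covered for the lock to defend against a swapped artifact."""
    findings = []
    for raw in text.replace("\\\n", " ").splitlines():  # join pip's line continuations
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or an option such as --index-url
            continue
        m = REQ_LINE.match(line)
        if not m:
            findings.append(f"not pinned with ==: {line.split()[0]}")
            continue
        name, version = normalize(m.group(1)), m.group(2)
        if not HASH_OPT.search(line):
            findings.append(f"{name}=={version}: no --hash, pip cannot verify the artifact")
        if version in known_bad.get(name, set()):
            findings.append(f"{name}=={version}: listed as compromised")
    return findings


def installed_version(name: str):
    """Version of an installed distribution, read from metadata without importing it
    (the same information `pip show` prints); None when it is not installed."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None


def check_installed(name: str, known_bad: dict) -> str:
    """Response steps 1 and 2: read the installed version and compare it to the list."""
    version = installed_version(name)
    if version is None:
        return f"{name}: not installed"
    if version in known_bad.get(normalize(name), set()):
        return f"{name}=={version}: compromised version installed; remove it and rotate credentials"
    return f"{name}=={version}: not on the known-bad list (still confirm against the advisory)"


if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS, KNOWN_BAD):
        print("requirements:", finding)
    print(check_installed("telnyx", KNOWN_BAD))
```

Run against a real lock file, a clean result means every dependency is pinned to one version with a digest pip will verify, so a replaced upload under an existing version number fails to install; the version check is deliberately metadata-only, because importing a package you suspect is backdoored would execute the very code you are trying to assess.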

Source: BleepingComputer

Tags: Malware, Supply Chain, PyPI, Steganography, Infostealer, Python, BleepingComputer
