PyPI package telnyx has been compromised in yet another supply chain attack
5 hours ago
- #supply-chain-attack
- #cybersecurity
- #malware
- TeamPCP's supply chain campaign continues with the compromise of Telnyx on PyPI.
- Attackers steal credentials from trusted security tools to push malicious versions.
- Recent attacks include Trivy, CanisterWorm on npm, Checkmarx, and LiteLLM.
- Telnyx payload runs at import time, delivering malware via WAV steganography.
- On Windows, the payload drops msbuild.exe in the Startup folder; on Linux/macOS, it executes a base64-encoded script.
- WAV files hide malicious payloads, bypassing content-based filters.
- Remove telnyx>=4.87.1 and pin to telnyx==4.87.0; rotate compromised credentials.
- Monitor for outbound HTTP to 83.142.209.203:8080 and check for msbuild.exe persistence.
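
A host check for the two remediation items above, as an added example (not code from the original page or from the Telnyx project). It reads the installed version from package metadata rather than importing telnyx, because the payload runs at import time. The function names and the per-user Startup folder location under %APPDATA% are assumptions of this example; the version threshold is the one stated above.

```python
import os
import re
from importlib import metadata
from pathlib import Path

FIRST_BAD = (4, 87, 1)  # from the page: remove telnyx>=4.87.1 (pin to 4.87.0)


def release_tuple(version):
    """Leading numeric release segment, e.g. '4.88.0rc1' -> (4, 88, 0)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """Numeric comparison; a plain string compare would misorder 4.9 and 4.87."""
    return release_tuple(version) >= FIRST_BAD


def installed_telnyx_version():
    """Read the version from metadata only. Never `import telnyx` to check it."""
    try:
        return metadata.version("telnyx")
    except metadata.PackageNotFoundError:
        return None


def startup_msbuild_hits(startup_dir):
    """Return files named msbuild.exe (case-insensitive) in a Startup folder."""
    d = Path(startup_dir)
    if not d.is_dir():
        return []
    return sorted(p for p in d.iterdir() if p.name.lower() == "msbuild.exe")


def default_startup_dir():
    """Per-user Startup folder (assumed location); None when APPDATA is unset."""
    appdata = os.environ.get("APPDATA")
    if not appdata:
        return None
    return Path(appdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup")


if __name__ == "__main__":
    v = installed_telnyx_version()
    print("telnyx:", v, "AFFECTED" if v and is_affected(v) else "ok or not installed")
    sd = default_startup_dir()
    print("startup hits:", startup_msbuild_hits(sd) if sd else "n/a (APPDATA unset)")
```

A clean result on the version check does not clear a host that ran an affected release earlier; credential rotation still applies.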