Back to Home

Telnyx Hack on PyPI: Theft of Keys and Tokens

Hackers TeamPCP Hacked Telnyx on PyPI, Injecting Malicious Code into Versions 4.87.1/4.87.2. Malware Uses WAV Steganography to Steal Keys and Tokens. Recommendations: Rollback to 4.87.0, Credentials Rotation and Dependencies Monitoring.

TeamPCP Hacked Telnyx: Malware Details in PyPI
Advertisement 728x90

# Telnyx Python Package Hacked: Malicious Code Steals SSH Keys and Tokens

Attackers from the TeamPCP group hacked the Telnyx developers' account on PyPI and published malicious versions 4.87.1 and 4.87.2 of the package. This SDK, with over 740,000 monthly downloads, is used for integrating VoIP, SMS, MMS, WhatsApp, fax, and IoT services. The attack was discovered by experts from Aikido, Socket, and Endor Labs on March 27, 2026. PyPI blocked the versions by 13:13 that same day.

The malicious code activates upon importing the module via the file telnyx/_client.py. It doesn't disrupt basic functionality but extracts sensitive data: SSH keys, credentials, cloud tokens, and crypto wallets. To mask the payload, steganography is used in WAV audio files.

Attack Mechanism by Platform

On Linux and macOS:

Google AdInline article slot
  • Downloads ringtone.wav from the C2 server.
  • Extracts the encrypted payload.
  • Steals SSH keys, credentials, AWS/GCP/Azure tokens, and crypto wallet seed phrases.

On Windows:

  • Downloads hangup.wav.
  • Decodes the executable file msbuild.exe from it.
  • Moves the file to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup for persistence.
  • Runs on user login.

The presumed access vector for the hackers was stolen PyPI credentials. Telnyx's infrastructure remained untouched.

Response Recommendations

Developers must take action immediately:

Google AdInline article slot
  • Roll back to version 4.87.0: pip install telnyx==4.87.0.
  • Check systems for versions 4.87.1/4.87.2 — consider them compromised.
  • Audit import logs and network traffic for C2 connections.
  • Rotate all passwords, API keys, SSH keys, and cloud tokens.
  • Scan hosts for ringtone.wav, hangup.wav, or msbuild.exe.
  • Implement PyPI package monitoring using tools like Socket or Aikido.

Steganography Technical Details

The payload is hidden in WAV files using steganographic methods. Upon module import, the file is downloaded, decoded, and executed in memory, minimizing disk traces. This makes detection by traditional AV solutions harder. For analysis, we recommend tools like stegseek or binwalk on extracted WAV files.

At a senior level, implement supply-chain security: SBOM (Software Bill of Materials), artifact signing, and automated scanning of new releases. Check dependencies in CI/CD using pip-audit or safety.

Key Points

  • Malicious versions 4.87.1/4.87.2 were distributed until 13:13 on March 27 — urgently check your environments.
  • The attack uses WAV steganography to evade detection; payload steals SSH, tokens, and crypto.
  • Roll back to 4.87.0 is mandatory; rotate all credentials.
  • Monitor PyPI accounts: stolen creds are the primary vector.
  • Integrate supply-chain security tools into your pipeline.

— Editorial Team

Google AdInline article slot
Advertisement 728x90

Read Next