# Telnyx Python Package Hacked: Malicious Code Steals SSH Keys and Tokens
Attackers from the TeamPCP group hacked the Telnyx developers' account on PyPI and published malicious versions 4.87.1 and 4.87.2 of the package. This SDK, with over 740,000 monthly downloads, is used for integrating VoIP, SMS, MMS, WhatsApp, fax, and IoT services. The attack was discovered by experts from Aikido, Socket, and Endor Labs on March 27, 2026. PyPI blocked the versions by 13:13 that same day.
The malicious code activates upon importing the module via the file telnyx/_client.py. It doesn't disrupt basic functionality but extracts sensitive data: SSH keys, credentials, cloud tokens, and crypto wallets. To mask the payload, steganography is used in WAV audio files.
Attack Mechanism by Platform
On Linux and macOS:
- Downloads
ringtone.wavfrom the C2 server. - Extracts the encrypted payload.
- Steals SSH keys, credentials, AWS/GCP/Azure tokens, and crypto wallet seed phrases.
On Windows:
- Downloads
hangup.wav. - Decodes the executable file
msbuild.exefrom it. - Moves the file to
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startupfor persistence. - Runs on user login.
The presumed access vector for the hackers was stolen PyPI credentials. Telnyx's infrastructure remained untouched.
Response Recommendations
Developers must take action immediately:
- Roll back to version 4.87.0:
pip install telnyx==4.87.0. - Check systems for versions 4.87.1/4.87.2 — consider them compromised.
- Audit import logs and network traffic for C2 connections.
- Rotate all passwords, API keys, SSH keys, and cloud tokens.
- Scan hosts for
ringtone.wav,hangup.wav, ormsbuild.exe. - Implement PyPI package monitoring using tools like Socket or Aikido.
Steganography Technical Details
The payload is hidden in WAV files using steganographic methods. Upon module import, the file is downloaded, decoded, and executed in memory, minimizing disk traces. This makes detection by traditional AV solutions harder. For analysis, we recommend tools like stegseek or binwalk on extracted WAV files.
At a senior level, implement supply-chain security: SBOM (Software Bill of Materials), artifact signing, and automated scanning of new releases. Check dependencies in CI/CD using pip-audit or safety.
Key Points
- Malicious versions 4.87.1/4.87.2 were distributed until 13:13 on March 27 — urgently check your environments.
- The attack uses WAV steganography to evade detection; payload steals SSH, tokens, and crypto.
- Roll back to 4.87.0 is mandatory; rotate all credentials.
- Monitor PyPI accounts: stolen creds are the primary vector.
- Integrate supply-chain security tools into your pipeline.
— Editorial Team
No comments yet.