Malware - TeamPCP Backdoors Telnyx PyPI Package Again
Basically, attackers pushed two poisoned releases of a popular Python library so that anyone who installed them ran malware on their own machine.
TeamPCP has backdoored the Telnyx SDK on PyPI, shipping malware inside two releases of the legitimate package. Developers and CI pipelines that installed them are at risk of credential and data theft. Affected environments need immediate containment and credential rotation.
What Happened
TeamPCP has struck again, this time targeting the Telnyx software development kit (SDK) on the Python Package Index (PyPI). Researchers at Endor Labs found that the attackers published backdoored versions 4.87.1 and 4.87.2 of the legitimate telnyx package. Both were uploaded on March 27, 2026, in quick succession, which points to compromised PyPI publishing credentials: the malicious releases went out under the real project, not a look-alike name. The first release contained a typo that kept the malicious code from running, which is why the attackers pushed the second.
The attack is most likely a downstream effect of TeamPCP's earlier compromise of the LiteLLM package. That payload harvested environment variables and shell histories from every system that imported LiteLLM. Any developer workstation or CI pipeline that had imported the backdoored LiteLLM while also holding the Telnyx PyPI publishing token would have leaked that token, giving the attackers exactly the access needed to publish the backdoored Telnyx releases.
Who's Being Targeted
The backdoored releases primarily affect developers and organizations that use the Telnyx SDK to build AI Voice Agent services. Merely importing a compromised version runs the malicious code; no call into the SDK is required. The malware hunts for sensitive material across the host, including cloud credentials and SSH keys, so any machine or pipeline that installed one of these versions should be treated as exposed.
The impact reaches beyond individual developers to the organizations whose secrets those developers and pipelines held. Where a Kubernetes service account token is present, the malware escalates from a single host to the entire cluster.
Signs of Infection
Once imported, the malicious Telnyx package executes immediately: it downloads and drops a persistent executable on Windows, or an information stealer on Linux and macOS. The stealer collects and exfiltrates:
- SSH keys and configurations
- Cloud credentials
- Authentication data from developer tools
- Database credentials
- Environment configuration files
If a Kubernetes service account token is found, the malware uses it to deploy a privileged pod onto every node in the cluster, placed in the kube-system namespace, putting the whole cluster at risk.
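One way to hunt for the cluster-wide foothold described above: list the pods in kube-system, flag those that can reach the node (privileged container, host namespaces, or a root hostPath mount), and subtract a baseline of workloads expected to run that way. This is an added example, not code from the article, from Endor Labs, or from TeamPCP's tooling. The baseline prefixes are an assumption to adjust per cluster, and the sample pod list, including the pod names, images and timestamp in it, is constructed for the example and carries no real indicators of compromise.

```python
"""Added example (not from the article): hunt for unexpected privileged pods in
kube-system, the placement the article describes for the malware's per-node pod.

Input is the JSON printed by `kubectl get pods -n kube-system -o json`. The SAMPLE
below is constructed for this example; its names and images are invented, not IoCs."""
import json
import sys
from typing import Optional

# Assumption: workloads that legitimately run privileged in this cluster. Adjust per
# distribution (kube-proxy and the CNI agent are the usual cases); anything else is flagged.
BASELINE_PREFIXES = ("kube-proxy-", "calico-node-", "aws-node-")


def is_privileged(pod: dict) -> bool:
    """True if the pod can reach the node: privileged container, host namespaces, or hostPath of /."""
    spec = pod.get("spec", {})
    if spec.get("hostPID") or spec.get("hostNetwork") or spec.get("hostIPC"):
        return True
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            return True
    for vol in spec.get("volumes", []):
        if (vol.get("hostPath") or {}).get("path") == "/":
            return True
    return False


def owner_kind(pod: dict) -> Optional[str]:
    """Kind of the pod's controller; a DaemonSet means one copy per node."""
    refs = pod.get("metadata", {}).get("ownerReferences") or []
    return refs[0].get("kind") if refs else None


def unexpected_privileged_pods(pod_list: dict, baseline=BASELINE_PREFIXES) -> list:
    """Privileged kube-system pods not matching the baseline, with what a responder needs first."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        name = meta.get("name", "")
        if meta.get("namespace") != "kube-system" or not is_privileged(pod):
            continue
        if name.startswith(baseline):
            continue
        spec = pod.get("spec", {})
        findings.append({
            "name": name,
            "node": spec.get("nodeName"),
            "owner": owner_kind(pod),
            "created": meta.get("creationTimestamp"),
            "images": [c.get("image") for c in spec.get("containers", [])],
        })
    return findings


# Constructed sample: a legitimate kube-proxy pod, a harmless coredns pod, and one
# invented privileged DaemonSet pod using hostPID on a worker node.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "kube-proxy-x1", "namespace": "kube-system"},
  "spec": {"nodeName": "node-1", "hostNetwork": true,
           "containers": [{"image": "registry.k8s.io/kube-proxy:v1.29.0",
                           "securityContext": {"privileged": true}}]}},
 {"metadata": {"name": "coredns-5d8f-abc", "namespace": "kube-system"},
  "spec": {"nodeName": "node-1", "containers": [{"image": "registry.k8s.io/coredns:1.11.1"}]}},
 {"metadata": {"name": "agent-7kq2x", "namespace": "kube-system",
               "creationTimestamp": "2026-03-27T14:02:11Z",
               "ownerReferences": [{"kind": "DaemonSet", "name": "agent"}]},
  "spec": {"nodeName": "node-2", "hostPID": true,
           "containers": [{"image": "example.invalid/agent:latest",
                           "securityContext": {"privileged": true}}]}}
]}
""")

if __name__ == "__main__":
    # Live use: kubectl get pods -n kube-system -o json | python hunt_privileged.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for finding in unexpected_privileged_pods(data):
        print(finding)
```

Treat a hit as a lead, not a verdict: kube-system legitimately hosts privileged agents, so compare the baseline against what your distribution actually deploys, and pay attention to a DaemonSet owner and a creation time after March 27, 2026, which together match the one-pod-per-node deployment the article describes.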
How to Protect Yourself
Developers and organizations should act immediately. The recommended steps:
- Remove the compromised releases: make sure telnyx 4.87.1 and 4.87.2 are absent from every environment, lockfile, container image and build cache, and block them with a version constraint until a clean release is confirmed.
- Rotate all credentials: if a compromised version ran anywhere, treat that host or pipeline as fully breached and rotate every secret it could reach (SSH keys, cloud credentials, database passwords, developer-tool tokens and Kubernetes service account tokens).
- Hunt for indicators of compromise: review systems and logs for signs of infection, including the indicators already published for TeamPCP's previous campaigns, LiteLLM among them.
Keeping dependencies current still matters, but this campaign rode on exactly that habit: pin dependencies, review new releases before adopting them, and watch for newly disclosed package compromises so a poisoned version cannot walk into a build unnoticed.
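The first step above, finding where the two releases landed, is easy to miss in lockfiles and caches that nobody reads by hand. The script below, an added example that is not part of the article or of the Telnyx project, checks the telnyx distribution installed in the current interpreter and scans requirements files, poetry.lock, uv.lock and Pipfile.lock for pins of the backdoored versions. Only the two version strings come from the article; the file-format handling is ordinary pip, Poetry, uv and Pipenv convention, and the script name used in the usage comment is hypothetical.

```python
"""Added example (not from the article or the Telnyx SDK): find the backdoored telnyx
releases among installed packages and in dependency files."""
import re
import sys
from importlib import metadata
from pathlib import Path
from typing import Optional, Tuple

# The two telnyx releases the article identifies as backdoored.
COMPROMISED = {"4.87.1", "4.87.2"}

# requirements.txt / constraints.txt pins such as "telnyx==4.87.2" or "telnyx[voice]==4.87.1".
REQ_RE = re.compile(
    r"^\s*telnyx(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.]*)",
    re.IGNORECASE | re.MULTILINE,
)
# poetry.lock / uv.lock [[package]] entries: `name = "telnyx"` followed by `version = "..."`.
TOML_LOCK_RE = re.compile(
    r'name\s*=\s*"telnyx"\s*\n\s*version\s*=\s*"([^"]+)"', re.IGNORECASE
)
# Pipfile.lock (JSON): "telnyx": { ..., "version": "==4.87.2" }.
PIPFILE_LOCK_RE = re.compile(
    r'"telnyx"\s*:\s*\{[^}]*?"version"\s*:\s*"==([^"]+)"', re.IGNORECASE
)


def compromised_versions_in_text(text: str) -> set:
    """Compromised telnyx versions pinned anywhere in the text of one dependency file."""
    found = set()
    for pattern in (REQ_RE, TOML_LOCK_RE, PIPFILE_LOCK_RE):
        found.update(pattern.findall(text))
    return found & COMPROMISED


def installed_telnyx_status() -> Tuple[Optional[str], bool]:
    """(installed telnyx version or None, True if that version is a backdoored release)."""
    try:
        version = metadata.version("telnyx")
    except metadata.PackageNotFoundError:
        return None, False
    return version, version in COMPROMISED


def scan_files(paths) -> dict:
    """Map each dependency file that pins a compromised version to the versions it pins."""
    hits = {}
    for raw in paths:
        path = Path(raw)
        if path.is_file():
            versions = compromised_versions_in_text(path.read_text(errors="replace"))
            if versions:
                hits[str(path)] = versions
    return hits


if __name__ == "__main__":
    # Usage (hypothetical script name):
    #   python check_telnyx.py requirements.txt poetry.lock uv.lock Pipfile.lock
    version, bad = installed_telnyx_status()
    flag = "  <-- BACKDOORED release" if bad else ""
    print(f"installed telnyx: {version or 'not installed'}{flag}")
    for path, versions in scan_files(sys.argv[1:]).items():
        print(f"{path}: pins compromised version(s) {sorted(versions)}")
```

Run it inside every virtual environment and CI image that could have pulled the SDK, not just on the repository checkout, since an unpinned `telnyx` requirement resolves to whatever PyPI served on the day of the build. To keep the releases out while you rebuild, add `telnyx!=4.87.1,!=4.87.2` to a pip constraints file and install with `pip install -c constraints.txt -r requirements.txt`.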
Help Net Security