
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP, a hacking group linked to cryptocurrency thefts, compromised the official Telnyx Python package on PyPI today. They uploaded malicious versions—specifically 2.10.0 and 2.10.1—that install credential-stealing malware. The payload hides inside a seemingly innocent WAV audio file, using steganography to dodge antivirus scans.

This supply chain attack targets developers building voice and SMS apps on Telnyx’s cloud communications platform. Telnyx powers over 100 million phone numbers worldwide and handles billions of API calls monthly for fintech, delivery services, and two-factor authentication systems. Any developer who pip-installs a tainted version risks exposing browser cookies, saved passwords, and crypto wallet data.

The Attack Mechanics

Hackers likely seized the Telnyx developer’s PyPI credentials through phishing or infostealer logs. They pushed the bad versions within hours, mimicking legitimate updates. The package, normally at version 2.9.5, jumped to 2.10.0 with a changelog claiming “bug fixes and performance improvements.”

Once installed, the code extracts malware from an embedded WAV file named “update.wav.” It decodes the audio steganographically—hiding executable bytes in the file’s least significant bits—and drops it as “sysupdate.exe” in the temp folder. The stealer then targets Chrome, Firefox, and Edge profiles, exfiltrating data to attacker-controlled servers in China. TeamPCP’s tactics match prior hits on crypto platforms, where they vacuumed $10 million in assets last year.

PyPI scans missed it initially because the WAV looked benign, and dynamic analysis didn’t trigger execution. By evening, Telnyx yanked the versions and rotated credentials, but downloads already hit thousands—tracked via PyPI stats showing 5,000+ installs in the first day.

Why Supply Chain Attacks Keep Winning

Python devs install 500 million packages daily from PyPI, with little built-in verification. Unlike npm’s token-based auth, PyPI relies on email confirmations, making account takeovers easy. This echoes the 2023 XZ Utils near-miss and Python’s own ‘cryptography’ compromise attempt.

TeamPCP specializes in this: it has previously hit GitHub repos for crypto libraries, blending malware into legitimate code. Skeptics note that PyPI’s response time, hours rather than minutes, leaves a window for mass compromise. Fair point: open-source maintainers often lack enterprise security budgets, but platforms like PyPI could make 2FA mandatory. They don’t.

Implications for Finance and Crypto

Telnyx integrates deeply into fintech stacks—think Stripe calls, bank alerts, exchange 2FA. Compromised devs mean stolen session tokens for trading accounts or API keys for automated bots. In crypto, where OKX and Binance use similar comms, this could cascade: one infected trader’s rig spreads via shared VPS or CI/CD pipelines.

Last year, supply chain hits cost $50 billion globally, per Sonatype. Here, it matters because credential dumpers fuel ransomware and exchange drains. If 1% of Telnyx’s 10,000+ monthly SDK users got hit, that’s hundreds of exposed machines. Finance firms verify packages manually now, but most startups don’t—pip install and ship.

What Developers Must Do Now

Downgrade to telnyx==2.9.5 immediately with pip install telnyx==2.9.5 --force-reinstall. Scan systems with tools like Microsoft Defender or Malwarebytes, hunting for “sysupdate.exe” and unexpected WAV files. Rotate all API keys, passwords, and credentials saved in browsers.

Prevent future pain: pin versions in requirements.txt, use pyproject.toml for hashes, and enable PyPI’s project provenance badges. Tools like pip-audit flag known-vulnerable versions before install. For production, air-gap builds or use private PyPI mirrors to cut risk.
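A small triage script for the two steps above (catching the affected pins and the missing hash pins), added here as an example and not taken from the article or from Telnyx. It only knows the versions the article names (2.10.0 and 2.10.1 bad, 2.9.5 clean); the requirements text it scans is a constructed sample, and the sha256 digests in it are placeholders.

```python
import re

# Releases the article names as malicious, and the last clean release it recommends.
AFFECTED = {"telnyx": {"2.10.0", "2.10.1"}}
SAFE_PIN = {"telnyx": "2.9.5"}

# name[extras] operator version; environment markers after ';' are ignored.
REQ_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(==|~=|>=|<=|!=|>|<)?\s*([^\s;]*)"
)

# Constructed sample input: one clean hash-pinned line, one affected pin, one floating spec.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
telnyx==2.10.1 \\
    --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
Telnyx[voice]>=2.9   # floating: a fresh resolve could have picked 2.10.x
-r base.txt
"""


def logical_lines(text):
    """Join backslash-continued lines (pip's hash-pinned layout), then drop comments and blanks."""
    joined = re.sub(r"\\\n", " ", text)
    stripped = (re.sub(r"(^|\s)#.*$", "", ln).strip() for ln in joined.splitlines())
    return [ln for ln in stripped if ln]


def triage_requirements(text):
    """Return (package, issue, fix) triples for affected pins, floating specs and missing --hash."""
    findings = []
    for line in logical_lines(text):
        if line.startswith("-"):
            continue  # option lines such as -r other.txt or --index-url
        m = REQ_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")  # PEP 503 style normalisation
        op, ver = m.group(2), m.group(3)
        if name in AFFECTED and op == "==" and ver in AFFECTED[name]:
            findings.append((name, "affected version pinned",
                             f"pin {name}=={SAFE_PIN[name]} and force-reinstall"))
        elif name in AFFECTED and op != "==":
            findings.append((name, "floating spec may resolve to an affected release",
                             f"pin {name}=={SAFE_PIN[name]}"))
        if "--hash=" not in line:
            findings.append((name, "no --hash pin",
                             "add --hash=sha256:<digest> for each release file"))
    return findings
```

Run it over the output of pip freeze as well as over requirements.txt, since a frozen environment tells you what actually got installed.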

Organizations: audit logs for May 23 installs. Telnyx users, check the company’s status page; it is pushing patched wheels. This isn’t hype; it’s a reminder that supply chains are the new perimeter. Act fast, or pay later.

March 29, 2026 · 3 min · 10 views · Source: BleepingComputer