The developers of the VoIP platform Telnyx have warned users that the "telnyx" package in the PyPI repository was compromised. The package, downloaded about 756 thousand times per month, provides an SDK for accessing the Telnyx API from Python programs. On March 27, after capturing a maintainer's credentials and gaining access to the project's PyPI account, attackers published two malicious releases, telnyx 4.87.1 and 4.87.2. The malicious versions were available from 6:51 to 13:13 (MSK) before the PyPI administrators blocked them. Telnyx's own infrastructure, API, voice services and platform were not affected; the impact is on systems that installed one of the two versions during that window.
The compromise was part of a larger supply chain attack attributed to the TeamPCP group. In the same campaign other projects were hit as well: the LiteLLM Python package and the Trivy scanner were compromised, malicious code was inserted into a Checkmarx extension published on OpenVSX, and self-propagating worm code was embedded in 68 packages in the npm repository. The RSA public key used to encrypt the exfiltrated data matched keys seen in other attacks attributed to TeamPCP, which is what ties this incident to the group.
The malicious versions of telnyx carried code embedded in the package's "_client.py" file. Because that module is loaded on any normal use of the SDK, the code ran as soon as the package was imported, before the program made a single API call. At import time it downloaded audio files from servers controlled by the attackers: ringtone.wav on Unix-like systems and hangup.wav on Windows. The files are valid WAV audio and play normally, but the actual malicious payload was hidden inside them with steganography, which lets the download pass as an ordinary media asset rather than an executable.
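The report does not say how the payload was hidden in the WAV files, so the following is an added example, not code from the incident write-up or from Telnyx: a structural audit of a RIFF/WAVE container that catches two generic ways of smuggling data inside a playable audio file, bytes appended after the declared end of the RIFF structure and an extra non-audio chunk. The clean sample and both tampered samples are constructed in the block itself; the set of chunk IDs treated as normal is an assumption chosen to cover files written by common tools.

```python
"""Structural audit of a WAV file for carried payloads (added example,
not from the incident report; the attackers' exact steganographic method
is not described there). Both tampered samples are constructed here."""
import io
import struct
import wave

# Chunk IDs a WAV written by common tools may legitimately contain (assumed set).
KNOWN_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"bext", b"PEAK", b"smpl"}


def make_wav(n_frames: int = 800) -> bytes:
    """Constructed clean sample: 0.1 s of silence, 16-bit mono at 8 kHz."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(8000)
        w.writeframes(b"\x00\x00" * n_frames)
    return buf.getvalue()


def append_payload(clean: bytes, payload: bytes) -> bytes:
    """Constructed tampered sample: payload glued after the RIFF structure.
    Players stop at the declared size, so the file still plays."""
    return clean + payload


def add_chunk(clean: bytes, chunk_id: bytes, payload: bytes) -> bytes:
    """Constructed tampered sample: payload wrapped in an extra chunk, with the
    RIFF size patched so the container stays formally well-formed."""
    pad = b"\x00" if len(payload) & 1 else b""  # RIFF chunks are word-aligned
    chunk = chunk_id + struct.pack("<I", len(payload)) + payload + pad
    new_size = struct.unpack_from("<I", clean, 4)[0] + len(chunk)
    return clean[:4] + struct.pack("<I", new_size) + clean[8:] + chunk


def audit_wav(blob: bytes) -> list[str]:
    """Walk the RIFF chunk list; return human-readable findings (empty = nothing found)."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return ["not a RIFF/WAVE file"]
    findings: list[str] = []
    declared_end = 8 + struct.unpack_from("<I", blob, 4)[0]
    if declared_end < len(blob):
        findings.append(f"{len(blob) - declared_end} bytes after declared RIFF end")
    elif declared_end > len(blob):
        findings.append("RIFF size exceeds file length (truncated or tampered)")
    pos, seen_data = 12, False
    limit = min(declared_end, len(blob))
    while pos + 8 <= limit:
        chunk_id = blob[pos:pos + 4]
        size = struct.unpack_from("<I", blob, pos + 4)[0]
        if chunk_id not in KNOWN_CHUNKS:
            findings.append(f"unexpected chunk {chunk_id!r} ({size} bytes) at offset {pos}")
        seen_data = seen_data or chunk_id == b"data"
        pos += 8 + size + (size & 1)  # skip chunk body plus alignment pad
    if not seen_data:
        findings.append("no data chunk")
    return findings


if __name__ == "__main__":
    clean = make_wav()
    print("clean:", audit_wav(clean))
    print("appended:", audit_wav(append_payload(clean, b"\x90" * 100)))
    print("extra chunk:", audit_wav(add_chunk(clean, b"junk", b"Y" * 33)))
```

The audit checks structure, not content: a payload encoded into the low bits of the samples inside the data chunk would pass it, so a clean result is not proof. The more reliable control is to compare fetched media against known-good hashes and, above all, to treat any library that downloads and executes files at import time as hostile regardless of what the files look like.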
On Windows, the extracted payload was written to "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\msbuild.exe", so it was re-executed at every logon; the file name mimics the legitimate MSBuild tool, which never lives in the Startup folder. On macOS and Linux, the payload searched the system for sensitive data (SSH keys, credentials, environment variables, API access tokens, cloud service connection parameters, cryptocurrency wallet keys, DBMS passwords and more) and exfiltrated it. The collected data was encrypted with AES-256-CBC and RSA-4096 (a hybrid scheme in which the RSA public key protects the symmetric key, so only the holder of the private key can read the data even if the traffic is captured) and transmitted in an HTTP POST request to an external host. Anyone who installed one of the two malicious versions should treat every secret reachable from the affected machine as compromised and rotate it.
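As an added triage example covering the indicators named above and in the opening paragraph (the two malicious versions and the Windows persistence artifact), the script below is not code from Telnyx or from the incident report. It checks the telnyx version importable in the current interpreter, scans requirements-style and TOML lock-file text for pins on the bad versions, and builds the path of the dropped msbuild.exe. The path separators are assumed (the page shows the path with them lost), the sample requirements and lock contents are constructed, and the set of malicious versions is taken as exactly 4.87.1 and 4.87.2 as stated in the advisory.

```python
"""Triage checks for the telnyx PyPI compromise (added example, not code
from Telnyx or the incident report). Sample file contents are constructed."""
from __future__ import annotations

import os
import re
import sys
from importlib import metadata
from pathlib import Path, PureWindowsPath
from typing import Iterable

# Versions the advisory names as malicious; everything else is treated as clean.
MALICIOUS_VERSIONS = frozenset({"4.87.1", "4.87.2"})

# "telnyx==4.87.1", "Telnyx == 4.87.2 ; python_version >= '3.8'", etc.
_PIN_RE = re.compile(r"^\s*telnyx\s*==\s*([0-9][0-9A-Za-z.\-]*)", re.IGNORECASE)
# A [[package]] block for telnyx in a poetry.lock / uv.lock style file.
_LOCK_RE = re.compile(
    r'\[\[package\]\]\s*name\s*=\s*"telnyx"\s*version\s*=\s*"([^"]+)"', re.IGNORECASE
)
# Persistence path from the advisory, relative to %APPDATA% (separators assumed).
STARTUP_ARTIFACT = ("Microsoft", "Windows", "Start Menu", "Programs", "Startup", "msbuild.exe")


def is_malicious_version(version: str) -> bool:
    return version.strip() in MALICIOUS_VERSIONS


def installed_telnyx_version() -> str | None:
    """Version of the telnyx distribution visible to this interpreter, or None."""
    try:
        return metadata.version("telnyx")
    except metadata.PackageNotFoundError:
        return None


def find_pinned_malicious(lines: Iterable[str]) -> list[tuple[int, str]]:
    """(line number, version) for every requirements-style pin on a bad version."""
    hits = []
    for no, line in enumerate(lines, start=1):
        m = _PIN_RE.match(line)
        if m and is_malicious_version(m.group(1)):
            hits.append((no, m.group(1)))
    return hits


def find_malicious_in_lock(lock_text: str) -> list[str]:
    """Bad telnyx versions recorded in a TOML lock file (poetry.lock, uv.lock)."""
    return [v for v in _LOCK_RE.findall(lock_text) if is_malicious_version(v)]


def startup_artifact(appdata: str) -> PureWindowsPath:
    """Where the Windows payload was dropped, given the value of %APPDATA%."""
    return PureWindowsPath(appdata).joinpath(*STARTUP_ARTIFACT)


def startup_artifact_present() -> bool:
    """True only on Windows and only if the dropped file actually exists."""
    appdata = os.environ.get("APPDATA")
    if sys.platform != "win32" or not appdata:
        return False
    return Path(str(startup_artifact(appdata))).is_file()


# Constructed sample inputs (not real project files).
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
# SDK pin below was bumped during the compromise window
telnyx == 4.87.2 ; python_version >= "3.8"
"""
SAMPLE_LOCK = """\
[[package]]
name = "requests"
version = "2.32.3"

[[package]]
name = "telnyx"
version = "4.87.1"
source = { registry = "https://pypi.org/simple" }
"""

if __name__ == "__main__":
    v = installed_telnyx_version()
    print("installed telnyx:", v, "(MALICIOUS)" if v and is_malicious_version(v) else "")
    print("requirements hits:", find_pinned_malicious(SAMPLE_REQUIREMENTS.splitlines()))
    print("lock hits:", find_malicious_in_lock(SAMPLE_LOCK))
    print("startup artifact present:", startup_artifact_present())
```

A clean result today does not prove the payload never ran: it executed at import time, so an environment that had 4.87.1 or 4.87.2 installed at any point during the window and imported the SDK should be treated as compromised even if it has since been upgraded, and the secrets the text lists (SSH keys, API tokens, cloud and database credentials) rotated.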