
PyPI Compromised: Malicious Code in `telnyx` Packages Leads to Credential Theft and Malware Installation
Executive Summary

The PyPI repository has once again fallen victim to a sophisticated supply chain attack, this time targeting the `telnyx` package in versions 4.87.1 and 4.87.2. The culprit, TeamPCP, reused the same RSA key and `tpcp.tar.gz` exfiltration header as in their previous `litellm` compromise, demonstrating a pattern of persistence and technical sophistication. The malicious code, injected into `telnyx/_client.py`, activates on `import telnyx` and requires no user interaction: a silent but deadly intrusion.

Technical Breakdown of the Attack

The payload was concealed within WAV audio files using steganography, a technique that embeds data within seemingly innocuous files. This method bypasses traditional network inspection tools, as the malicious code is hidden in plain sight. Upon execution:

Linux/macOS systems: The malware steals credentials, encrypts them using AES-256 and RSA-4096, and exfiltrates them to the attacker's command-and-control (C2) server. The encryption ensures
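The practical question for a defender reading this is whether one of the named releases is pinned in a lockfile or already installed, and whether a package in the environment ships audio files it has no reason to carry. The script below is an added example written for this page; it is not code from the article, from TeamPCP's payload, or from the Telnyx project. The `COMPROMISED` table holds only the two versions the article names, the `.wav` heuristic is an assumption drawn from the article's description of the payload, and the sample lockfile text in `__main__` is constructed for the demonstration.

```python
"""Added example (not from the article or the telnyx project): audit pinned
requirements and the installed environment for the indicators named above.
Assumptions: the version list is limited to what the article states, and a
bundled .wav file inside a pure-Python API client is treated as suspicious."""
import re
import importlib.metadata as md
from pathlib import Path

# Versions the article names as compromised (from the page, not a live feed).
COMPROMISED = {"telnyx": {"4.87.1", "4.87.2"}}
# Article: the payload was hidden in WAV audio files. Treat such files as a
# heuristic indicator; a human still has to confirm each finding.
SUSPICIOUS_SUFFIXES = {".wav"}

# Matches "name==version" pins in a requirements or lockfile line.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation so 'Telnyx' and 'telnyx' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def is_compromised(name: str, version: str) -> bool:
    """True when (name, version) is in the table of known-bad releases."""
    return version in COMPROMISED.get(normalize(name), set())


def check_requirements(text: str) -> list[tuple[str, str]]:
    """Return (normalised name, version) pairs pinned to a known-bad release."""
    hits = []
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m and is_compromised(m.group(1), m.group(2)):
            hits.append((normalize(m.group(1)), m.group(2)))
    return hits


def suspicious_files(paths) -> list[str]:
    """Filter a list of package-relative paths down to the suspicious suffixes."""
    return sorted(
        str(p) for p in paths
        if Path(str(p)).suffix.lower() in SUSPICIOUS_SUFFIXES
    )


def audit_installed() -> list[str]:
    """Scan every installed distribution; return human-readable findings."""
    findings = []
    for dist in md.distributions():
        name = dist.metadata["Name"] or ""
        version = dist.version
        if is_compromised(name, version):
            findings.append(f"{name}=={version}: version named as compromised")
        # dist.files is None when the installer wrote no RECORD file.
        for f in suspicious_files(dist.files or []):
            findings.append(f"{name}=={version}: unexpected audio file {f}")
    return findings


if __name__ == "__main__":
    # Constructed sample lockfile, not real project data.
    sample = "requests==2.31.0\ntelnyx==4.87.2  # pinned last week\n"
    for name, version in check_requirements(sample):
        print(f"lockfile pins compromised release: {name}=={version}")
    for line in audit_installed():
        print(f"installed environment: {line}")
```

Run it from the interpreter whose environment you want to check, because `importlib.metadata` only sees that interpreter's site-packages. A clean environment prints nothing for the second loop; the lockfile loop flags the constructed `telnyx==4.87.2` line.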
Continue reading on Dev.to



