Infosec in brief

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to plant credential-stealing malware on developers’ systems.

Ox Security warned on Friday that TeamPCP – the group researchers link to the recent compromise of open-source vulnerability scanner Trivy, which led to malicious LiteLLM packages appearing on PyPI – is back, this time with another compromise of a legitimate software package.

In this case, the crew hit Telnyx, which offers VoIP services and AI voice agents. TeamPCP appears to have compromised the PyPI distribution of Telnyx’s Python SDK, replacing current package versions with malicious releases loaded with a multi-stage infostealer and persistence mechanisms.

According to Ox, the malware added to the package is similar to the malicious code added to LiteLLM. According to Ox, the Telnyx malware’s main difference from the LiteLLM package is how it’s installed: Instead of embedding malicious code directly in the file, the Telnyx package downloads its malware in the form of a .wav file that’s decoded and executed on the target machine.

Telnyx told Ox in a post on X that it had found and resolved the issue, while