TeamPCP Targets Telnyx Package in Latest Software Supply Chain Attack
https://www.infosecurity-magazine.com/news/teampcp-targets-telnyx-pypi-package/
Publish Date: 2026-03-27 11:06:00
Source Domain: www.infosecurity-magazine.com
TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers.
The cyber threat group recently rose to notoriety by uploading malicious packages to the Python Package Index (PyPI), the official online repository where developers share and download Python software packages. The group typically uses typosquatting to trick developers into downloading them.
In one campaign, the group targeted Trivy, a widely used open-source vulnerability scanner owned by Aqua Security, by injecting credential-stealing malware into official releases and GitHub Actions.
A few days later, researchers discovered TeamPCP targeted LiteLLM AI Gateway, a popular Python library for AI model integration.
Now, a third TeamPCP campaign has been identified that affects the Telnyx Python package on PyPI and leads to the delivery of credential-stealing malware.
Telnyx is a cloud communications platform that provides application programming interfaces (APIs) for phone calls, SMS, MMS and other telecom services.
TeamPCP’s Telnyx Compromise Campaign Explained
On March 27, researchers from both Socket and Endor Labs published findings revealing that the official Telnyx Python software development kit (SDK) had been compromised in a software supply chain attack.
Socket researchers identified that the telnyx package, a legitimate and widely used Python SDK for the Telnyx communications platform, had been tampered with. The malicious versions published to PyPI – versions 4.87.1 and 4.87.2 – contained code designed to exfiltrate sensitive information from victim environments.
“They should not be used,” warned the Socket Research Team, whose members confirmed that researchers at Aikido Security and Wiz, now part of Google Cloud, independently came to the same conclusions.
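The two version numbers named above give operators a concrete indicator to sweep for. The following Python script is an added example, not code from Socket, Endor Labs or Telnyx: it scans a requirements.txt or pip freeze style manifest for pins to the two compromised releases and checks whether the running interpreter has one of them installed. The manifest text embedded in it is constructed for illustration and is not from the article.

```python
"""Sweep dependency manifests and the local environment for the compromised
telnyx releases (4.87.1 and 4.87.2) named in the Socket / Endor Labs findings."""
import re
from importlib import metadata
from typing import List, Optional, Tuple

# The only versions the reports identify as tampered with; nothing else is assumed.
COMPROMISED_TELNYX_VERSIONS = {"4.87.1", "4.87.2"}

# Matches "name==1.2.3", with optional extras and trailing comments or markers,
# the shape produced by `pip freeze` and used in most requirements.txt files.
_REQ_LINE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*(?P<version>[^\s;#]+)"
)


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'Telnyx', 'telnyx' and 'TELNYX' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_compromised_pins(manifest_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, version) for every telnyx pin to a compromised release.

    Comment lines and non-telnyx packages are ignored; a pin to any other telnyx
    version is left alone, since only the two listed releases are implicated.
    """
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(manifest_text.splitlines(), start=1):
        m = _REQ_LINE.match(line)
        if not m:
            continue  # comments, blank lines, unpinned or range-pinned packages
        if normalize(m.group("name")) != "telnyx":
            continue
        if m.group("version") in COMPROMISED_TELNYX_VERSIONS:
            hits.append((lineno, m.group("version")))
    return hits


def installed_telnyx_is_compromised() -> Optional[bool]:
    """True if the installed telnyx distribution is a compromised release,
    False for any other version, None if telnyx is not installed at all."""
    try:
        return metadata.version("telnyx") in COMPROMISED_TELNYX_VERSIONS
    except metadata.PackageNotFoundError:
        return None


# Constructed sample manifest (hypothetical, for demonstration only).
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
Telnyx==4.87.1   # pinned during the incident window
telnyx[async] == 4.87.2
telnyx==4.87.0
# telnyx==4.87.1 commented out, must not be reported
"""

if __name__ == "__main__":
    for lineno, version in find_compromised_pins(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: telnyx=={version} is a compromised release")
    print("installed telnyx compromised:", installed_telnyx_is_compromised())
```

Run it against each project's lockfile and inside each deployed virtual environment; a hit on either check means the host should be treated as exposed to the SSH key and shell history theft described below, not merely patched by bumping the pin.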
Socket found that the attacker had injected functionality to steal SSH private keys and bash history files from compromised systems, sending…