Backdoored Telnyx PyPI Package Uses Steganography to Deliver Malware
- Developers using the Telnyx Python SDK face potential credential theft due to a malicious package version uploaded to PyPI.
- The attack affects Telnyx library versions 1.1.2 and 1.1.3, which were compromised by a threat actor group known as TeamPCP.
- Organizations must immediately audit Python environments for affected versions and upgrade to the clean version 1.1.4 or revert to 1.1.1.
Security researchers have identified a supply chain attack targeting the Telnyx Python SDK on the Python Package Index (PyPI). According to BleepingComputer, a threat actor group identified as TeamPCP uploaded malicious versions of the library to deliver infostealing malware. This incident follows a growing trend of attackers compromising trusted developer tools to bypass perimeter defenses and gain access to sensitive development environments.
Technical Analysis of the Backdoor Mechanism
The compromise affected versions 1.1.2 and 1.1.3 of the telnyx package. Unlike the official library, these versions contained a modified setup.py file designed to execute malicious code during the installation process. The script begins by checking the operating system of the host. If the environment is compatible, it uses the Python requests library to fetch a file named test.wav from a remote server controlled by the attackers. Analysis of the TeamPCP PyPI malware indicates that the attackers use legitimate-looking media assets to avoid detection by EDR solutions that might flag executable downloads but ignore audio files.
Mitigation Steps for the Compromised Telnyx Releases (1.1.2 and 1.1.3)
Organizations using the Telnyx SDK must perform an immediate audit of their Python environments to ensure they are not running the compromised releases. The most effective mitigation is to upgrade to version 1.1.4, which has been verified as clean by the maintainers, or to downgrade to the last known-safe version, 1.1.1. Security teams should also inspect local directories for any unexpected .wav files and monitor network logs for outbound connections to suspicious domains or IP addresses associated with this campaign. It is also advisable to rotate any credentials or API keys that may have been stored in environment variables on systems where the malicious package was installed.
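The audit step above can be scripted. The following is an added example, not code from Telnyx or from the article's author: it flags the compromised telnyx releases 1.1.2 and 1.1.3 named in the advisory, either from a `pip freeze` listing or from the environment the script runs in, and states the remediation (upgrade to 1.1.4 or revert to 1.1.1, then rotate credentials). The sample freeze output is constructed for illustration.

```python
"""Audit Python environments for the compromised telnyx releases.

Added example, not Telnyx's code and not from the article. Version numbers
come from the advisory; the sample environment below is constructed.
"""
import re
from importlib import metadata

# Versions named in the advisory.
COMPROMISED_VERSIONS = {"1.1.2", "1.1.3"}
CLEAN_VERSION = "1.1.4"
KNOWN_SAFE_VERSION = "1.1.1"
TARGET_PACKAGE = "telnyx"


def canonical_name(name: str) -> str:
    """Normalise a distribution name the way pip does (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def assess(name, version):
    """Return a finding string if this (name, version) pair is affected, else None."""
    if canonical_name(name) != TARGET_PACKAGE:
        return None
    if version in COMPROMISED_VERSIONS:
        return (f"{name}=={version} is a compromised release; upgrade to "
                f"{CLEAN_VERSION} or revert to {KNOWN_SAFE_VERSION}, then rotate "
                f"credentials and API keys held in environment variables on this host")
    return None


def audit_pairs(installed):
    """Audit an iterable of (name, version) pairs; returns a list of findings."""
    findings = []
    for name, version in installed:
        finding = assess(name, version)
        if finding:
            findings.append(finding)
    return findings


def audit_freeze(text):
    """Audit `pip freeze` output, one "name==version" per line."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if "==" in line and not line.startswith("#"):
            name, version = line.split("==", 1)
            pairs.append((name.strip(), version.strip()))
    return audit_pairs(pairs)


def audit_environment():
    """Audit the interpreter this script is running under."""
    pairs = [(d.metadata["Name"], d.version) for d in metadata.distributions()]
    return audit_pairs(pairs)


# Constructed sample: not a real environment.
SAMPLE_FREEZE = """\
# constructed pip freeze output
requests==2.31.0
Telnyx==1.1.3
pydantic==2.6.0
"""

if __name__ == "__main__":
    for finding in audit_freeze(SAMPLE_FREEZE) + audit_environment():
        print("FINDING:", finding)
```

Run it once per interpreter and virtual environment on the host (CI runners and build containers included), since a compromised release installed in one venv is invisible from another. Exact version matching is deliberate: only the two releases named in the advisory are flagged, so a future clean release is not reported.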
Steganography and Payload Delivery
A notable TTP in this campaign is the use of steganography to conceal the primary payload. The downloaded test.wav file is not a functional audio file but a container for encoded Python code. The malware utilizes Least Significant Bit (LSB) steganography to embed a script within the audio data. Once downloaded, the setup.py script extracts this hidden code and executes it in memory using the exec() function. This method is highly effective for bypassing static analysis tools that do not inspect the internal data structures of non-executable file formats.
How to Detect PyPI Supply Chain Malware
Detecting such threats requires a multi-layered approach. Because the malware executes during the pip install phase, SOC analysts should monitor for unusual child processes spawned by the Python interpreter, especially shell executions and network utilities. Implementing a Zero Trust architecture for developer workstations, where outbound internet access is restricted to known-good repositories and specific domains, can significantly reduce the risk of C2 communication. Furthermore, any published IoCs for the domains used by TeamPCP should be used for retroactive hunting within the network.
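The two detection ideas above, an interpreter spawning a shell or network tool during an install step and install-time egress outside an allowlist of known-good repositories, can be expressed as simple rules over endpoint telemetry. This is an added example, not from the article or any EDR vendor: the JSON event schema, field names, hostnames and the `example-staging.invalid` destination are constructed for illustration, and a real deployment would map the rules onto the EDR's own process and network event fields.

```python
"""Triage constructed endpoint telemetry for install-time malicious behaviour.

Added example; schema, field names and sample events are constructed.
"""
import json

# Egress a developer workstation legitimately needs for pip (constructed
# allowlist; add an internal mirror if one is in use).
ALLOWED_EGRESS = {"pypi.org", "files.pythonhosted.org"}

# Child images an interpreter running setup.py should rarely spawn.
SUSPICIOUS_CHILDREN = {"sh", "bash", "zsh", "cmd.exe", "powershell.exe",
                       "curl", "wget", "nc", "ncat"}

PYTHON_IMAGES = {"python", "python3", "python.exe", "pip", "pip3"}


def _basename(path: str) -> str:
    """Image name without directory, for both / and \\ separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _is_install_context(cmdline: str) -> bool:
    """True when the command line looks like a package install or build step."""
    c = cmdline.lower()
    return "setup.py" in c or "pip install" in c or "pip3 install" in c


def check_process_event(ev):
    """Rule 1: a shell or network utility spawned from a Python install step."""
    parent = _basename(ev.get("parent_image", ""))
    child = _basename(ev.get("image", ""))
    if parent in PYTHON_IMAGES and _is_install_context(ev.get("parent_cmdline", "")):
        if child in SUSPICIOUS_CHILDREN:
            return f"host={ev.get('host')} pip/setup.py spawned {child}: {ev.get('cmdline')}"
    return None


def check_network_event(ev):
    """Rule 2: install-time egress from the interpreter to a non-allowlisted host."""
    image = _basename(ev.get("image", ""))
    dest = ev.get("dest_host", "").lower()
    if image in PYTHON_IMAGES and _is_install_context(ev.get("cmdline", "")):
        if dest and dest not in ALLOWED_EGRESS:
            return f"host={ev.get('host')} install-time egress to {dest} ({ev.get('url', '')})"
    return None


def triage(lines):
    """Apply both rules to newline-delimited JSON events; return alert strings."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        rule = check_process_event if ev.get("type") == "process" else check_network_event
        alert = rule(ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry: one benign download, one download of test.wav
# from a non-allowlisted host, one shell spawned during setup.py, and one shell
# spawned by an ordinary application run (should not alert).
SAMPLE_EVENTS = """
{"type":"network","host":"dev-01","image":"/usr/bin/python3","cmdline":"python3 setup.py install","dest_host":"files.pythonhosted.org","url":"https://files.pythonhosted.org/packages/example.whl"}
{"type":"network","host":"dev-01","image":"/usr/bin/python3","cmdline":"python3 setup.py install","dest_host":"example-staging.invalid","url":"http://example-staging.invalid/test.wav"}
{"type":"process","host":"dev-01","parent_image":"/usr/bin/python3","parent_cmdline":"python3 setup.py install","image":"/bin/sh","cmdline":"sh -c uname -a"}
{"type":"process","host":"dev-01","parent_image":"/usr/bin/python3","parent_cmdline":"python3 app.py","image":"/bin/sh","cmdline":"sh -c ls"}
"""

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS.splitlines()):
        print("ALERT:", alert)
```

Both rules are scoped to the install context on purpose: interpreters spawn shells all day in ordinary application code, so alerting on every Python-to-shell edge would drown the SOC, whereas a shell or a non-repository download during `setup.py` or `pip install` is rare enough to be worth a ticket.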
Malicious Payload Functionality
The final payload is a sophisticated infostealer designed to harvest sensitive information from the infected machine. The script targets Discord tokens, browser-stored credentials, and cookies from various platforms. Additionally, it collects system metadata, including IP addresses, hardware identifiers, and OS versions. This data is then exfiltrated to the attacker’s infrastructure, often via Discord webhooks or dedicated HTTP endpoints. This type of data theft provides the attackers with the credentials needed for lateral movement within a corporate network or for further phishing campaigns targeting other employees within the organization.