Telnyx Targeted in Expanding TeamPCP Supply Chain Attack

Cloud communications platform Telnyx has become the latest target in an ongoing supply chain attack campaign orchestrated by the hacking group TeamPCP, which has been actively compromising open-source software ecosystems in recent weeks. The attackers injected malicious code into Telnyx’s Python SDK, which is widely used by developers, in the package distributed via the PyPI repository.

As part of the breach, attackers uploaded two compromised versions of the SDK — versions 4.87.1 and 4.87.2 — designed to affect systems running on Windows, macOS, and Linux. The malicious packages contained hidden payloads that could execute code upon installation, enabling attackers to establish persistence and extract sensitive data from infected machines.

The attack leveraged sophisticated techniques, including embedding malicious scripts within seemingly benign files. On Windows systems, the payload could drop an executable into the startup folder, while on macOS and Linux, it executed scripts to decode and deploy additional components aimed at stealing session keys and other sensitive information. The stolen data was encrypted using RSA-based encryption, consistent with previous TeamPCP operations.

This incident is part of a broader campaign that began earlier in March, initially targeting tools such as Aqua Security’s Trivy scanner before spreading across multiple platforms including NPM, Docker Hub, Kubernetes, OpenVSX, and other PyPI packages like LiteLLM. The attackers have been exploiting compromised credentials and dependencies to move laterally across the software supply chain.

Security researchers describe the scale of the campaign as potentially extensive, with hundreds of repositories already affected and thousands more at risk due to interconnected dependencies. Experts caution that these figures likely underestimate the true impact, as private repositories and indirect dependencies could significantly widen the scope of compromise.

The Telnyx incident highlights the increasing sophistication of supply chain attacks targeting developer tools and open-source ecosystems. As attackers continue to exploit trust in widely used libraries, organizations are being urged to strengthen dependency monitoring, secure access credentials, and implement stricter controls across their software development pipelines.
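As an added example (not part of the original article or any Telnyx tooling), the following check scans a requirements file for the two compromised versions named above and also flags version ranges that could have resolved to them. It assumes the PyPI project name is `telnyx` and handles plain numeric versions only; the sample input is constructed.

```python
import re
from importlib import metadata

PACKAGE = "telnyx"              # assumed PyPI project name for the SDK
BAD = {(4, 87, 1), (4, 87, 2)}  # compromised versions named in the article

REQ = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*([^;#\\]*)")
SPEC = re.compile(r"(===|==|~=|!=|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*)(\.\*)?")

def vt(s):
    """'4.87.1' -> (4, 87, 1)"""
    return tuple(int(p) for p in s.split("."))

def admits(op, ver, wildcard, cand):
    """True if the single clause (op, ver) allows candidate version cand."""
    v = vt(ver)
    if wildcard:  # ==4.87.* / !=4.87.*
        return (cand[:len(v)] == v) == (op != "!=")
    n = max(len(v), len(cand))
    a, b = cand + (0,) * (n - len(cand)), v + (0,) * (n - len(v))
    if op == "~=":  # compatible release: >= ver with the same prefix
        return a >= b and cand[:len(v) - 1] == v[:-1]
    return {"==": a == b, "===": a == b, "!=": a != b, ">=": a >= b,
            "<=": a <= b, ">": a > b, "<": a < b}[op]

def classify(line):
    """None (other package), 'ok', 'at-risk' (range admits a bad version)
    or 'compromised' (exact pin to a bad version)."""
    m = REQ.match(line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
        return None
    specs = SPEC.findall(m.group(2))
    if not any(all(admits(o, v, w, c) for o, v, w in specs) for c in BAD):
        return "ok"
    pinned = any(o in ("==", "===") and not w for o, v, w in specs)
    return "compromised" if pinned else "at-risk"

def scan(text):
    """Return (line_no, verdict, line) for every flagged requirement."""
    hits = ((n, classify(l), l.strip()) for n, l in enumerate(text.splitlines(), 1))
    return [h for h in hits if h[1] in ("compromised", "at-risk")]

def installed_is_bad():
    """Check the version installed in the current environment, if any."""
    try:
        return vt(metadata.version(PACKAGE)) in BAD
    except (metadata.PackageNotFoundError, ValueError):
        return False

# Constructed sample requirements file
SAMPLE = "requests==2.32.3\ntelnyx==4.87.1\nTelnyx[async]>=4.80,<5\ntelnyx>=4.87.3\n"
```

An "at-risk" result means the specifier did not exclude the compromised releases, so the lockfile or the installed environment still has to be checked to see what was actually resolved.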
