Summary
Key Points:
- Two malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) were uploaded to PyPI by the TeamPCP threat group.
- Any system that installs and imports either version is affected: the malicious code runs at import time, and the loader works across platforms.
- Immediate actions include removing the affected SDK versions from systems, monitoring for unusual network activity, and implementing restrictions on package installations from untrusted sources.
Technical Details: The malicious packages fetch a .wav file from a command-and-control (C2) server, read its frame (sample) data, base64-decode that data, and XOR-decode the result to recover the payload, which is then executed.
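The decode chain described above, as an added analyst example that is not code from the page or from the malicious packages. It assumes a repeating-key XOR with a placeholder key (the real key is not given here), constructs its own sample .wav inline in the same order the loader reverses it, and only recovers the hidden bytes for triage rather than executing them. It also includes a simple heuristic for spotting a .wav whose sample data is really base64 text.

```python
import base64
import io
import wave
from itertools import cycle

# Assumption: the loader uses a repeating-key XOR. The page gives no key,
# so this value is a placeholder for illustration, not an indicator.
XOR_KEY = b"placeholder-key"

# Constructed sample payload: benign text standing in for the real stage-2 code.
SAMPLE_PAYLOAD = b"print('constructed benign payload')\n"

_B64_ALPHABET = frozenset(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key is the identity."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def build_wav(frames: bytes) -> bytes:
    """Wrap arbitrary bytes as 8-bit mono PCM so one frame == one byte."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as wav:
        wav.setnchannels(1)
        wav.setsampwidth(1)
        wav.setframerate(8000)
        wav.writeframes(frames)
    return buf.getvalue()


def build_sample_wav(payload: bytes, key: bytes) -> bytes:
    """Constructed sample: XOR first, then base64, then store as frames,
    which is the reverse of the order the loader decodes in."""
    return build_wav(base64.b64encode(xor_bytes(payload, key)))


def read_frames(wav_bytes: bytes) -> bytes:
    """Return the raw sample data of a WAV held in memory."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as wav:
        return wav.readframes(wav.getnframes())


def frames_look_like_base64(wav_bytes: bytes) -> bool:
    """Triage heuristic: genuine audio samples are not confined to the base64
    alphabet; a file whose every frame byte is base64 text is carrying data."""
    frames = read_frames(wav_bytes)
    return len(frames) > 0 and all(b in _B64_ALPHABET for b in frames)


def extract_payload(wav_bytes: bytes, key: bytes) -> bytes:
    """Recover the hidden bytes for analysis; deliberately never executes them."""
    decoded = base64.b64decode(read_frames(wav_bytes), validate=True)
    return xor_bytes(decoded, key)


def main() -> None:
    sample = build_sample_wav(SAMPLE_PAYLOAD, XOR_KEY)
    print("frames look like base64:", frames_look_like_base64(sample))
    print("recovered payload:", extract_payload(sample, XOR_KEY))


if __name__ == "__main__":
    main()
```

Run the script as-is to see the round trip on the constructed sample; to triage a real capture, pass the downloaded file's bytes to `frames_look_like_base64` first, and only then try `extract_payload` with a key recovered from the loader code itself.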
MITRE ATT&CK Techniques:
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
IOCs Mentioned: None mentioned