Compromised telnyx on PyPI: WAV Steganography and Credential Theft

hackerworkspace@infosec.exchange

Compromised telnyx on PyPI: WAV Steganography and Credential Theft

Compromised telnyx on PyPI: WAV Steganography and Credential Theft

Analysis of malicious telnyx 4.87.1 and 4.87.2 on PyPI — a package with over 1 million monthly downloads: injected code uses WAV audio steganography to deliver payloads that steal credentials and establish persistence. Attributed to TeamPCP.

SafeDep - Real-time Open Source Software Supply Chain Security (safedep.io)

Short summary: https://hackerworkspace.com/article/compromised-telnyx-on-pypi-wav-steganography-and-credential-theft

#malware #cybersecurity #threatintelligence