Major compromise of the telnyx PyPI library could put millions of users at risk | TechRadar
JFrog reports Telnyx PyPI package was poisoned with malware by TeamPCP
Malicious update delivered hidden .wav payload that deployed infostealer and persistence mechanisms
Users advised to downgrade, block C2 communication, rotate credentials, and scan for persistence
Telnyx, a popular PyPI package providing real-time communication features, was recently poisoned and used to serve malware to its users, experts have warned.
According to a report from security researchers at JFrog, along with other independent security experts, Telnyx is a cloud platform that lets developers add real-time comms features, like voice and messaging, to apps, and provides APIs and tools for building solutions such as calling systems and SMS-based services.
It has been downloaded millions of times already, and according to JFrog, it’s had more than 670,000 downloads just this month, acting as an alternative to Twilio, sometimes picked because of its asynchronous httpx support and cost efficiency in high-concurrency environments.
However, telnyx was recently updated, with two new versions hitting PyPI: 4.87.1 and 4.87.2. Those who upgraded their packages were then served a normal audio file (.wav) from the internet, which the script extracts and decodes.
The attack was carried out by a hacking collective calling itself TeamPCP. This group made headlines recently when it managed to compromise another major Python package called LiteLLM.
Now, researchers have observed almost identical code in telnyx, saying they're not yet sure how the maintainer's PyPI account got compromised.
In any case, the .wav payload and the URL hosting it are now offline. Those who installed the poisoned versions should downgrade to the clean version, block all communication with the C2 addresses, and then revoke and rotate all credentials. Then, they should scan for additional persistence, to make sure the compromise has been fully addressed.
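Before downgrading, it helps to know where a poisoned release is actually present. The following is an added example, not code from JFrog or from the article: it checks the current Python environment and requirements.txt-style lines for the two versions named above. The function names are illustrative, and the input is assumed to be pip requirement syntax (other lock-file formats are not parsed).

```python
"""Flag the telnyx releases this article names as poisoned (4.87.1, 4.87.2)."""
import re
from importlib import metadata

PACKAGE = "telnyx"
COMPROMISED = {"4.87.1", "4.87.2"}  # versions named in the article

# name, optional [extras], then the specifier up to a marker, comment or "\"
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#\\]*)")

def normalize(name):
    """PEP 503 name normalization, so 'Telnyx' and 'telnyx' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_status(package=PACKAGE):
    """Return (version, is_compromised) for the current environment."""
    try:
        version = metadata.version(package)
    except metadata.PackageNotFoundError:
        return None, False
    return version, version in COMPROMISED

def scan_requirements(lines, package=PACKAGE):
    """Return [(line_no, verdict)] for requirement lines naming the package.

    'compromised': exact pin to a poisoned release.
    'unpinned': no exact pin (range, wildcard or bare name), so an install
    made while the poisoned releases were live could have resolved to one.
    """
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        match = REQ_RE.match(raw)
        if not match or normalize(match.group(1)) != normalize(package):
            continue
        pins = re.findall(r"={2,3}\s*([^\s,]+)", match.group(2))
        if any(pin in COMPROMISED for pin in pins):
            findings.append((line_no, "compromised"))
        elif not pins or any("*" in pin for pin in pins):
            findings.append((line_no, "unpinned"))
    return findings

if __name__ == "__main__":
    # Constructed sample input, not taken from any real project.
    sample = ["httpx==0.27.0", "telnyx==4.87.1  # bumped by bot",
              "Telnyx[async]>=4.0", "telnyx==4.80.0 --hash=sha256:<placeholder>"]
    print("installed:", installed_status())
    print("requirements:", scan_requirements(sample))
```

An "unpinned" result is not proof of compromise; it marks a dependency whose resolved version should be checked against install logs or a lock file from the incident window.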
As a platform, WordPress is generally considered safe and without known major vulnerabilities. However, it operates a vast repository of third-party, user-built themes and plugins, split into free and premium categories. The latter ones usually come with a dedicated maintenance and development team and as such are regularly updated and hardened against attacks.
The free ones, on the other hand, are often built by enthusiasts, small teams, and freelance developers. Many of them are abandoned, unmaintained, or otherwise poorly managed, despite being popular among the users. As such, they create a huge security risk on one end, and attack opportunity on the other.
As a general rule of thumb, security researchers advise WordPress users to keep their platform, themes, and plugins updated at all times. Furthermore, they suggest users only keep installed those themes and plugins they actively use and make sure to replace any default security and privacy settings.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.



