A cybercriminal group previously associated with a supply chain compromise involving the Trivy vulnerability scanner has launched another attack, this time targeting developers through manipulated Telnyx packages on the Python Package Index (PyPI).
According to findings from Ox Security, the group known as TeamPCP has re-emerged after its earlier involvement in distributing malicious versions of the LiteLLM package. That earlier campaign followed a breach affecting Trivy, an open-source vulnerability scanning tool, and resulted in compromised packages being made available to developers.
In the latest incident, the attackers appear to have interfered with the PyPI distribution of Telnyx’s Python software development kit. Telnyx, which provides voice-over-IP services and artificial intelligence-based voice solutions, had legitimate package versions replaced with altered releases containing a multi-stage information-stealing malware along with mechanisms designed to maintain long-term access on infected systems.
Researchers noted that while the malicious logic resembles what was previously observed in the LiteLLM case, the delivery technique differs. Instead of directly embedding harmful code into the package, the Telnyx versions retrieve a secondary payload disguised as a .wav audio file. This file is later decoded and executed on the victim’s machine, representing a more indirect and stealth-oriented infection method.
Telnyx acknowledged the issue and stated that it has since been resolved. The company clarified that the incident was limited strictly to its Python package and did not affect its infrastructure, network environment, APIs, or core services. However, it warned that any system where the affected package versions were installed should be considered compromised.
Users have been specifically advised to check whether they installed versions 4.87.1 or 4.87.2. If so, the recommendation is to treat the affected environment as breached and immediately rotate any credentials that may have been exposed.
The potential scale of exposure is notable. Ox Security reported that Telnyx packages receive more than 34,000 downloads per week on PyPI, suggesting that a considerable number of developers and services may have unknowingly installed the malicious versions before they were removed.
RedLine Infostealer Case Leads to Extradition
In a separate law enforcement development, a suspected individual connected to the RedLine infostealer operation has been extradited to the United States. Hambardzum Minasyan, an Armenian national, recently appeared in federal court in Austin, Texas.
He faces charges that include conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act, and conspiracy to engage in money laundering. According to court documents, his alleged role involved setting up virtual private servers and domains used to host RedLine infrastructure, maintaining repositories used to distribute the malware to affiliates, and registering cryptocurrency accounts used to collect payments.
If convicted on all counts, Minasyan could face a maximum sentence of 30 years in prison.
Authorities had previously identified another alleged key figure, Maxim Rudometov, in 2024, describing him as a central developer and operator of the RedLine malware. The U.S. government later announced a reward of $10 million for information related to Rudometov and his associates. It remains unclear whether any reward was issued in connection with Minasyan’s arrest.
EU Examines Snapch
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: