Telnyx SDK Vulnerability Exposes Users to TeamPCP Malware via Phony Ringtones
Telnyx Issues Urgent Alert After Hackers Steal Cloud and Crypto Credentials
A group of hackers known as TeamPCP has infiltrated the Telnyx Python Software Development Kit (SDK), compromising the cloud and cryptographic credentials of unsuspecting developers.
Compromised SDK Versions Identified
The compromised SDK versions, 4.87.1 and 4.87.2, were uploaded to the Telnyx repository on March 27, 2026, allowing the hackers to gain unauthorized access to sensitive information.
Malicious Code Concealed Within Audio File
According to an investigation conducted by OX Security, the hackers employed a sophisticated tactic, concealing their malicious code within a seemingly innocuous audio file named “_client.py”. This audio file, which was actually a scrambled program, allowed the hackers to infiltrate systems and exfiltrate valuable data, including SSH keys, cryptocurrency wallets, and credentials for Google Cloud and Azure.
Breach Occurred Through “pip Install Telnyx” Command
The breach occurred when developers installed the tainted SDK using the “pip install telnyx” command during the brief window the malicious files were live. This exposed them to the risk of having their credentials compromised, putting their projects and sensitive data at risk.
Telnyx Responds Swiftly to Breach
Fortunately, Telnyx responded swiftly to the breach, identifying the root cause and taking corrective action. Although the company’s core phone networks and customer databases remained unaffected, the risk for developers who installed the compromised SDK is very real.
Recommendations for Affected Developers
Those who installed version 4.87.1 or 4.87.2 are advised to revert to version 4.87.0 and immediately rotate all keys and secrets to prevent hackers from exploiting any stolen login details.