Telnyx Dependency Checker
Check if your Python project uses the compromised Telnyx versions (4.87.1, 4.87.2) from the TeamPCP supply chain attack on March 27, 2026.
The same attacker hit LiteLLM (97M downloads) three days earlier. The campaign is expanding.
Supports requirements.txt, Pipfile, pyproject.toml, poetry.lock, pip freeze output. Also checks for LiteLLM (same attacker).
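A minimal version of this kind of check, as an added example (not this checker's own code). It covers requirements.txt / pip freeze lines and poetry.lock only, and flags only the two Telnyx versions named on this page; the function names and sample inputs are constructed for illustration. LiteLLM is omitted because this page does not list its affected versions.

```python
import re

# Compromised telnyx releases named on this page.
BAD_VERSIONS = {"telnyx": {"4.87.1", "4.87.2"}}

# requirements.txt / pip freeze line: name, optional [extras], then the specifier.
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
# name/version fields of a [[package]] table in poetry.lock.
LOCK_RE = re.compile(r'^\s*(name|version)\s*=\s*"([^"]+)"')
# An exact pin such as ==4.86.0 (no wildcard, no range).
EXACT_RE = re.compile(r"==\s*([0-9][0-9A-Za-z.!+]*)")

def normalize(name):
    """PEP 503 name normalisation, so 'Telnyx' matches 'telnyx'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(name, spec):
    """COMPROMISED / OK for an exact pin, REVIEW if the version is not pinned."""
    bad = BAD_VERSIONS.get(normalize(name))
    if bad is None:
        return None  # not a package this check covers
    # Drop pip options such as --hash and any line-continuation backslash.
    pin = EXACT_RE.fullmatch(spec.split(" --")[0].strip(" \t\\"))
    if pin is None:
        return "REVIEW"  # range, wildcard or bare name: resolver may pick a bad release
    return "COMPROMISED" if pin.group(1) in bad else "OK"

def scan(text):
    """Return [(line_no, package, verdict)] for requirements, pip freeze or poetry.lock text."""
    findings, lock_name = [], ""
    for no, line in enumerate(text.splitlines(), 1):
        lock, req = LOCK_RE.match(line), REQ_RE.match(line)
        if lock and lock.group(1) == "name":
            lock_name = lock.group(2)  # remember which package the next version belongs to
        elif lock:
            findings.append((no, lock_name, classify(lock_name, "==" + lock.group(2))))
        elif req:
            findings.append((no, req.group(1), classify(*req.groups())))
    return [(no, normalize(n), v) for no, n, v in findings if v]

# Constructed sample inputs (not taken from a real project).
SAMPLE_REQ = "requests==2.31.0\nTelnyx==4.87.2 --hash=sha256:PLACEHOLDER\ntelnyx>=4.80,<5\n"
SAMPLE_LOCK = '[[package]]\nname = "telnyx"\nversion = "4.86.0"\n'

if __name__ == "__main__":
    print(scan(SAMPLE_REQ) + scan(SAMPLE_LOCK))
```

A REVIEW verdict means the file does not pin an exact version, so the installed version has to be confirmed from pip freeze output or the lock file.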
If You Are Affected
1. Uninstall & Pin Safe Version
pip uninstall telnyx && pip install telnyx==4.86.0
2. Rotate Telnyx API Keys
Generate new API keys in the Telnyx Mission Control portal. Revoke all existing keys immediately.
3. Check Windows Startup Persistence
The malware adds persistence via the Windows Startup folder. Check for unfamiliar executables in:
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
4. Rotate All Environment Credentials
- Cloud provider keys (AWS, GCP, Azure)
- Database connection strings
- Any API keys stored in .env files
- SSH keys if also using LiteLLM
TeamPCP Campaign Timeline
March 19: Trivy GitHub Actions compromised
CI/CD pipeline infected via pull_request_target trigger
March 21: Checkmarx AST compromised
Security scanner used to position inside build pipelines
March 24: LiteLLM PyPI packages backdoored
97M monthly downloads. SSH keys, cloud creds, crypto wallets stolen. 47K downloads in 46 minutes.
March 27: Telnyx PyPI packages backdoored (YOU ARE HERE)
Telecom infrastructure SDK. Same RSA-4096 key, same tpcp.tar.gz signature. Campaign expanding beyond AI tooling.
Supply chain attacks are just one vector
If your app was vibe-coded, dependencies are one risk. But there are dozens more: exposed API keys, missing auth, misconfigured databases, insecure defaults.
Also check: LiteLLM Dependency Checker