Hacker News

ramimac, yesterday at 8:59 AM (2 replies)

We haven't blogged this yet, but a variety of teams found this in parallel.

The packages are quarantined by PyPI.

Follow the overall incident: https://ramimac.me/teampcp/#phase-10

Aikido/Charlie with a very quick blog: https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

ReversingLabs and JFrog also made parallel reports.


Replies

Scaevolus, yesterday at 8:33 PM

I'm glad there are many teams with automated scans of PyPI and npm running. It elevates the challenge of making a backdoor that can survive for any length of time.

Imustaskforhelp, yesterday at 11:54 AM

Ramimac, has there been any action on having the C2 server's IP address blacklisted?

The blast radius of TeamPCP just keeps on increasing...