We haven't blogged this yet, but a variety of teams found this in parallel.

The packages are quarantined by PyPI.

Follow the overall incident: https://ramimac.me/teampcp/#phase-10

Aikido/Charlie with a very quick blog: https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

ReversingLabs, JFrog also made parallel reports.

I'm glad there are many teams with automated scans of PyPI and npm running. It elevates the challenge of making a backdoor that can survive for any length of time.

Ramimac, has there been any action on having the C2 server's IP address blacklisted?

The blast radius of TeamPCP just keeps on increasing...