Hackers Hide Malware in Audio Files to Steal Data

Hackers just broke into a popular coding tool to spread a virus hidden inside music files. This clever trick targets thousands of developers who use the Telnyx system for messaging and calls. If you use Python for work, your private passwords and digital keys could be at risk right now.

Dangerous Code Found in Popular Python Tool

A group of hackers known as TeamPCP successfully hijacked a major piece of software on the Python Package Index this week. The target was the official Telnyx library, a tool downloaded over 740,000 times every month. Developers use this code to add features like WhatsApp messaging, SMS, and internet calling to their apps.

By stealing the login details of the real creators, the hackers uploaded two fake versions of the software. These bad versions look exactly like the real thing but secretly download a virus the moment a programmer starts their work. Security experts caught the attack quickly, but the damage may already be done for those who updated their systems yesterday.

The attack is what experts call a supply chain hit. Instead of attacking one person, the hackers poison a tool that thousands of people trust. This allows them to spread their virus to many companies all at once through a single door.

How a Simple Sound File Hides a Virus

The most alarming part of this attack is how the hackers hid their tracks. They used a method called steganography, which hides secret data inside a normal looking file. In this case, the virus was tucked away inside a WAV audio file that sounds like a standard ringtone.

On Apple and Linux computers, the infected software downloads a file named ringtone.wav. While it looks like music, it actually contains a hidden script that steals cloud tokens and crypto wallets. The virus runs entirely in the computer memory, making it very hard for basic antivirus programs to see it.

Windows users face a different threat. The software downloads a file called hangup.wav, which puts a malicious file in the computer startup folder. This means the virus starts up every single time the user logs in, ensuring the hackers keep control of the machine.

What Hackers are Stealing From Victims

The goal of this attack is clear: total data theft. The malware scans the infected computer for any sensitive information it can find. This includes login details for servers, private keys for digital money, and tokens used to access big cloud platforms like Amazon or Google.

If the infected computer is part of a larger business network using Kubernetes, the virus gets even more aggressive. It tries to create special “pods” that give the hackers high level access to the entire company network. This allows them to jump from one machine to another until they find the most valuable data.

Steps to Secure Your Computer Immediately

Security researchers say the only safe version of the Telnyx tool right now is version 4.87.0. The hackers released two bad versions, 4.87.1 and 4.87.2, which both contain the hidden virus. If you see these versions on your computer, you must act fast.

Any system that used the bad software should be considered fully broken and unsafe. Simply deleting the files might not be enough because the hackers may have already stolen your passwords. Experts suggest you change every single password and digital key stored on that machine immediately.

Check your folders for a file named msbuild.exe in your Windows startup area or any strange WAV files in your downloads. If you find them, your computer has been compromised.

This sneaky attack shows that even the most trusted tools can be turned against us. The hackers behind this, TeamPCP, have a history of attacking big tech firms and government systems. They are fast, smart, and very good at hiding their tracks inside files we use every day.

What do you think about hackers hiding viruses in music files? Let us know your thoughts and share this warning with your developer friends on social media to keep them safe.