TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
Publish Date: 2026-03-27 12:53:00
Source Domain: thehackernews.com
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.
The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are recommended to downgrade to version 4.87.0 immediately. The PyPI project is currently quarantined.
Various reports from Aikido, Endor Labs, JFrog, Ossprey Security, SafeDep, Socket, and StepSecurity indicate the malicious code is injected into “telnyx/_client.py,” causing it to be invoked when the package is imported into a Python application. The malware is designed to target Windows, Linux, and macOS systems.
“Our analysis reveals a three-stage runtime attack chain on Linux/macOS consisting of delivery via audio steganography, in-memory execution of a data harvester, and encrypted exfiltration,” Socket said. “The entire chain is designed to operate within a self-destructing temporary directory and leave near-zero forensic artifacts on the host.”
On Windows, the malware downloads a file named “hangup.wav” from a command-and-control (C2) server and extracts from the audio data an executable that’s then dropped into the Startup folder as “msbuild.exe.” This allows it to persist across system reboots and automatically run every time a user logs in to the system.
In case the compromised host runs on Linux or macOS, it fetches a different .WAV file (“ringtone.wav”) from the same server to extract a third-stage collector script and run. The credential harvester is designed to capture a wide range of sensitive data and exfiltrate the data in the form of “tpcp.tar.gz” via an HTTP POST request to “83.142.209[.]203:8080.”
“The standout technique in this sample – and the reason for the post title – is the use of audio steganography to deliver the final payload,” Ossprey Security said….
