www.stepsecurity.io 3/27/2026, 9:26:58 AM · via preferred

TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package

Threat Actor: TeamPCP

On March 27, 2026, TeamPCP injected a WAV steganography-based credential stealer into two releases of the telnyx Python SDK on PyPI, specifically versions 4.87.1 and 4.87.2. The telnyx package had been downloaded 742,000 times in the 30 days before the compromise, meaning many environments would have pulled a malicious release during a routine upgrade.

The attack encrypts stolen data with AES-256-CBC and RSA-4096 and exfiltrates it as a tar[.]gz payload to a C2 server at 83.142.209[.]203:8080. The malicious stage is delivered inside WAV files: ring tone[.]wav for Linux/macOS and hangup[.]wav for Windows. On Windows, the binary hidden in hangup[.]wav is decoded at runtime and dropped into the Startup folder as msbuild[.]exe for persistence, with a 12-hour lock file preventing repeated reinstallation.

The campaign is attributed to TeamPCP based on signals including a shared RSA-4096 key and a tpcp.tar[.]gz exfiltration signature, linking it to broader litellm-related activity observed three days earlier.
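The following triage helpers are an added example, not code from the report or from the telnyx project. They check pinned dependency lines for the two malicious releases, match connection-log lines against the reported C2 endpoint, and flag the dropped file names named above; all sample inputs are constructed, and the log and path formats are assumptions.

```python
"""Triage helpers for the telnyx 4.87.1 / 4.87.2 compromise (added example)."""
import re
from importlib.metadata import PackageNotFoundError, version
from typing import Iterable

# Indicators taken from the write-up (defanged there, usable form here).
AFFECTED = {("telnyx", "4.87.1"), ("telnyx", "4.87.2")}
C2_ENDPOINT = ("83.142.209.203", "8080")
DROPPED_NAMES = {"ring tone.wav", "hangup.wav", "tpcp.tar.gz"}

# Matches 'name==version' in pip freeze / requirements.txt output; extras and
# trailing markers or comments are tolerated, comment-only lines are skipped.
REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)")
# host:port pairs in an assumed connection-log format.
CONN = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation so 'Telnyx' and 'telnyx' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def affected_pins(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Return (name, version) pairs pinned to a known-malicious release."""
    hits = []
    for line in lines:
        m = REQ_LINE.match(line)
        if m and (normalize(m.group(1)), m.group(2)) in AFFECTED:
            hits.append((normalize(m.group(1)), m.group(2)))
    return hits


def installed_is_affected() -> bool:
    """Check this interpreter's environment; False if telnyx is not installed."""
    try:
        return ("telnyx", version("telnyx")) in AFFECTED
    except PackageNotFoundError:
        return False


def c2_connections(log_lines: Iterable[str]) -> list[str]:
    """Return log lines with a host:port matching the reported C2 endpoint."""
    return [l.rstrip() for l in log_lines if C2_ENDPOINT in CONN.findall(l)]


def suspicious_paths(paths: Iterable[str]) -> list[str]:
    """Flag dropped WAV/tar names anywhere, and msbuild.exe only in a Startup folder."""
    hits = []
    for p in paths:
        norm = p.replace("\\", "/").lower()
        name = norm.rsplit("/", 1)[-1]
        if name in DROPPED_NAMES or (name == "msbuild.exe" and "/startup/" in norm):
            hits.append(p)
    return hits
```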


Article by CyberSIXT