www.infosecurity-magazine.com 3/27/2026, 3:33:15 PM

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

CyberSIXT Evidence Panel
Threat Actor: TeamPCP

TeamPCP has expanded its supply chain attacks on open-source repositories by targeting the Telnyx Python package on PyPI: researchers identified the official Telnyx Python SDK as compromised. The malicious PyPI releases, versions 4.87.1 and 4.87.2, were designed to exfiltrate sensitive information from victim environments. They execute at install time, so a developer or an automated pipeline would trigger the attack.

The payload is capable of stealing SSH private keys and bash history files and sends the data to an attacker-controlled remote server, all while preserving the package’s legitimate name to evade detection. Endor Labs researchers confirmed that the threat actor gained the ability to publish malicious versions by compromising a maintainer account, a tactic that does not rely on PyPI infrastructure vulnerabilities.

The campaign follows prior TeamPCP moves against Trivy and LiteLLM, illustrating a pattern of rapid, credential-targeting compromises across multiple open-source projects. According to Socket Research Team, TeamPCP has been extending collaboration with the Vect ransomware group to broaden the impact of supply chain compromises.

Article by CyberSIXT