A threat actor known as TeamPCP has pushed two malicious versions of the telnyx Python package to the official software repository, using an unusual method of hiding data-stealing code within audio files. The compromised versions, 4.87.1 and 4.87.2, were published to the Python Package Index (PyPI) on March 27, 2026, and were designed to harvest sensitive credentials from developers’ systems. This incident marks a continued escalation in software supply chain attacks, directly targeting the tools and infrastructure used by software development teams globally.
Attack Methodology and Discovery
The malicious packages concealed their core payload within a .WAV audio file, a technique known as steganography. This approach allows attackers to hide malicious code within seemingly innocent media files, potentially bypassing initial security scans that may not deeply inspect non-executable formats. When installed, the package executed code to extract and run the hidden payload from the audio file.
The primary function of this payload was to steal sensitive data, including credentials and environment variables, from the infected development machines. The packages impersonated the legitimate ‘telnyx’ library, a communications API tool used for integrating voice, messaging, and video services into applications. Developers who inadvertently installed these versions would have had their systems compromised.
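The article does not say exactly how the payload was placed inside the .WAV file, so the following is an added defensive example, not code from the report, GeekWire, or the telnyx project. It assumes nothing about the embedding method: it walks the RIFF chunk structure of a WAV file and reports the things a package scanner can check cheaply, namely chunk IDs outside the usual set, bytes appended after the declared RIFF size, a "data" chunk that is mostly printable text rather than PCM samples, and code-like marker strings (the marker list and the sample WAV files are constructed for the example).

```python
import struct
from pathlib import Path
from typing import Dict, List

# Chunk IDs that normally appear in a PCM WAV file (assumption: anything else is worth a look).
KNOWN_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"smpl", b"bext"}
# Constructed marker strings; a real scanner would use a richer rule set (e.g. YARA).
SUSPICIOUS_MARKERS = (b"import ", b"exec(", b"eval(", b"base64", b"subprocess", b"__import__")


def printable_ratio(blob: bytes) -> float:
    """Fraction of bytes that are printable ASCII; PCM audio is far from 1.0."""
    if not blob:
        return 0.0
    return sum(32 <= c < 127 or c in (9, 10, 13) for c in blob) / len(blob)


def audit_wav(blob: bytes) -> List[str]:
    """Return human-readable findings for one WAV file; an empty list means nothing odd."""
    findings: List[str] = []
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return ["not a RIFF/WAVE file"]
    riff_size = struct.unpack_from("<I", blob, 4)[0]
    declared_end = 8 + riff_size  # RIFF size counts everything after the size field
    if declared_end < len(blob):
        findings.append(f"{len(blob) - declared_end} trailing bytes after declared RIFF size")
    pos, end = 12, min(declared_end, len(blob))
    while pos + 8 <= end:
        cid = blob[pos:pos + 4]
        size = struct.unpack_from("<I", blob, pos + 4)[0]
        payload = blob[pos + 8:pos + 8 + size]
        if cid not in KNOWN_CHUNKS:
            findings.append(f"unexpected chunk id {cid!r} ({size} bytes)")
        if cid == b"data" and size >= 64 and printable_ratio(payload) > 0.9:
            findings.append("data chunk is mostly printable text, not PCM audio")
        if any(m in payload for m in SUSPICIOUS_MARKERS):
            findings.append(f"code-like text inside chunk {cid!r}")
        pos += 8 + size + (size & 1)  # chunks are padded to an even length
    trailer = blob[declared_end:]
    if any(m in trailer for m in SUSPICIOUS_MARKERS):
        findings.append("code-like text in trailing bytes")
    return findings


def scan_tree(root: str) -> Dict[str, List[str]]:
    """Audit every .wav under a directory (e.g. an unpacked wheel or site-packages)."""
    return {str(p): audit_wav(p.read_bytes()) for p in Path(root).rglob("*.wav")}


def build_wav(samples: bytes, extra_chunks=(), trailing: bytes = b"") -> bytes:
    """Construct a minimal 16-bit mono PCM WAV in memory (test fixture only)."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 8000 * 2, 2, 16)
    body = b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
    body += b"data" + struct.pack("<I", len(samples)) + samples + (b"\x00" if len(samples) % 2 else b"")
    for cid, payload in extra_chunks:
        body += cid + struct.pack("<I", len(payload)) + payload + (b"\x00" if len(payload) % 2 else b"")
    return b"RIFF" + struct.pack("<I", len(body)) + body + trailing


# Constructed samples: a clean file, one with an extra chunk, and one with appended bytes.
_SAMPLES = bytes((i * 37) % 256 for i in range(2000))
_MARKER = b"import base64, subprocess"
CLEAN_WAV = build_wav(_SAMPLES)
EXTRA_CHUNK_WAV = build_wav(_SAMPLES, extra_chunks=[(b"note", _MARKER)])
TRAILER_WAV = build_wav(_SAMPLES, trailing=_MARKER)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_WAV), ("extra chunk", EXTRA_CHUNK_WAV), ("trailer", TRAILER_WAV)):
        print(label, "->", audit_wav(blob) or "no findings")
```

Run scan_tree on an unpacked wheel before installing it, or over an existing site-packages directory, and treat any non-empty result as a reason to inspect the package by hand; the structural checks catch appended or out-of-place data regardless of how it is encoded, while the marker check only catches payloads stored as readable text.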
TeamPCP’s Known History
This activity is attributed to the threat group identified as TeamPCP. Security researchers have previously linked this actor to other significant software supply chain attacks. Earlier campaigns involved compromising popular open-source security and AI tools, including Trivy, KICS, and litellm.
In those prior incidents, the group similarly uploaded tampered packages to public repositories like PyPI. Their consistent modus operandi involves exploiting the trust in widely used open-source libraries and the automated update processes within the developer community. The shift to hiding code in WAV files represents an evolution in their tactics to avoid detection.
Impact and Response
The immediate impact is on developers who may have installed versions 4.87.1 or 4.87.2 of the telnyx package during the period they were available on PyPI. The stolen credentials could lead to further breaches of corporate systems, source code repositories, or cloud infrastructure linked to those development environments.
Upon discovery, the malicious packages were reported and subsequently removed from the PyPI repository. The maintainers of the legitimate telnyx package have likely issued warnings to users. Standard security advice in such cases includes auditing installed packages, rotating all potentially exposed credentials and API keys, and conducting security scans on affected systems.
Broader Implications for Software Security
This event underscores the persistent vulnerability of open-source software ecosystems to supply chain attacks. Repositories like PyPI, which are critical to modern software development, are frequent targets because a single compromised package can have a cascading effect across thousands of projects and organizations.
The use of steganography, hiding code in a WAV file, highlights a trend where attackers are moving beyond simple obfuscation to more sophisticated concealment methods. This challenges traditional security tools that may not be configured to perform deep content analysis on every file type a package might contain.
Looking Ahead
Security teams and repository maintainers are expected to increase scrutiny of package uploads, potentially implementing more automated checks for steganography and anomalous code patterns. Developers and organizations are advised to enhance their vigilance by pinning dependency versions, using verified lockfiles, and employing software composition analysis tools to detect anomalies in their dependencies. Further analysis of the malware’s command and control infrastructure by cybersecurity firms is ongoing, which may reveal more about the attackers’ objectives and potential victims.
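To make the advice above concrete, here is an added example (not from the article, GeekWire, or the telnyx project) that audits a requirements file and the installed environment against the two versions named in the report. The known-bad table holds only what the article states; the requirements text, the hash check and the helper names are constructed for the example, and a real deployment would feed the table from an advisory source.

```python
import re
from importlib import metadata
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Versions the article names as malicious; everything else is assumed clean here.
KNOWN_BAD: Dict[str, Set[str]] = {"telnyx": {"4.87.1", "4.87.2"}}

# Matches "name[extras] <op> version" at the start of a requirements line.
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")


def normalize(name: str) -> str:
    """PEP 503 style normalisation so Telnyx, telnyx and TELNYX compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text: str) -> Dict[str, List[str]]:
    """Classify each requirement line as unpinned, pinned without a hash, or a known-bad pin."""
    result: Dict[str, List[str]] = {"unpinned": [], "no_hash": [], "known_bad": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and options such as -r / --index-url
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, _extras, op, ver = m.groups()
        name = normalize(name)
        if op != "==":
            result["unpinned"].append(name)
            continue
        if "--hash=" not in line:  # a verified lockfile pins the artifact, not just the version
            result["no_hash"].append(f"{name}=={ver}")
        if ver in KNOWN_BAD.get(name, set()):
            result["known_bad"].append(f"{name}=={ver}")
    return result


def audit_installed(distributions: Optional[Iterable[Tuple[str, str]]] = None) -> List[str]:
    """Return installed (name, version) pairs that match KNOWN_BAD; defaults to this interpreter."""
    if distributions is None:
        distributions = [
            (d.metadata["Name"], d.version)
            for d in metadata.distributions()
            if d.metadata["Name"]
        ]
    return [f"{name}=={ver}" for name, ver in distributions if ver in KNOWN_BAD.get(normalize(name), set())]


# Constructed requirements text for the example.
SAMPLE_REQUIREMENTS = """
-r base.txt
telnyx==4.87.1
requests>=2.0        # floating range, will drift
numpy==1.26.4        # pinned but unhashed
"""

if __name__ == "__main__":
    print(audit_requirements(SAMPLE_REQUIREMENTS))
    print("installed hits:", audit_installed() or "none")
```

The unpinned list shows where a future malicious release could be pulled in automatically, the no_hash list shows pins that a lockfile with hashes would tighten, and the known_bad list and the installed hits are the ones that call for credential rotation and a scan of the affected machine.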
Source: GeekWire