TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package
On March 27, 2026, TeamPCP injected a WAV steganography-based credential stealer into two releases of the telnyx Python SDK on PyPI. The group was identified by shared cryptographic signatures and exfiltration methods matching their earlier litellm compromise.
- Disclosed: March 27, 2026
- Last updated: June 7, 2026
- Blast radius: Distributed via PyPI; affected all users who installed the malicious telnyx SDK releases. Scope depends on adoption of the two compromised releases.
- Ecosystems
- Attack vectors
- Affected entities: telnyx Python SDK; two releases compromised with WAV steganography credential stealer
On March 27, 2026, the TeamPCP threat actor group compromised two releases of the telnyx Python SDK on PyPI by injecting malicious code implementing a credential stealer using WAV steganography. The attack was disclosed via issue team-telnyx/telnyx-python#235.
TeamPCP was identified as the same threat actor behind the litellm supply chain compromise, which occurred approximately three days earlier (around March 24, 2026). Attribution was based on overlapping indicators of compromise: a shared RSA-4096 public key, identical encryption schemes used in both attacks, and the distinctive tpcp.tar.gz exfiltration signature present in both incidents.
The use of WAV steganography as a credential exfiltration mechanism represents a sophisticated obfuscation technique designed to evade detection and hide stolen credentials within audio data.
Indicators of compromise
- Packages: telnyx
Remediation
- Immediately revoke and rotate any credentials that may have been exposed through systems running the compromised telnyx SDK releases
- Audit PyPI package installation logs to identify which versions of telnyx were deployed and when
- Update to a patched version of telnyx Python SDK once released by Telnyx
- Scan systems for indicators of the tpcp.tar.gz exfiltration artifact and associated RSA-4096 key signatures
- Review authentication logs for suspicious activity during the window when malicious releases were available on PyPI
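The audit and scan steps above can be scripted. The following is an added example, not code from Telnyx or from this catalog; it inspects installed package metadata rather than installation logs. It assumes installs leave a `telnyx-<version>.dist-info` directory and that the artifact, if present, sits on disk under the name tpcp.tar.gz. The version strings are placeholders because this entry does not list the two compromised releases.

```python
import os
import site
import sys
from email.parser import Parser
from pathlib import Path

# Placeholders: this entry does not give the two compromised version numbers.
# Replace them with the versions named in the vendor advisory.
COMPROMISED_VERSIONS = {"<COMPROMISED_VERSION_1>", "<COMPROMISED_VERSION_2>"}
ARTIFACT_NAME = "tpcp.tar.gz"  # exfiltration artifact name given in this entry


def read_name_version(meta_path):
    """Return (normalized name, version) from a dist-info METADATA file."""
    try:
        text = meta_path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None, None
    msg = Parser().parsestr(text, headersonly=True)
    name = (msg.get("Name") or "").lower().replace("_", "-")
    return name, msg.get("Version")


def scan(roots, bad_versions=COMPROMISED_VERSIONS):
    """Walk each root; return (telnyx installs, artifact paths), deduplicated."""
    installs, artifacts = {}, set()
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            if ARTIFACT_NAME in filenames:
                artifacts.add(str(Path(dirpath, ARTIFACT_NAME)))
            for d in dirnames:
                if not (d.lower().startswith("telnyx-") and d.endswith(".dist-info")):
                    continue
                name, version = read_name_version(Path(dirpath, d, "METADATA"))
                if name == "telnyx" and version:
                    installs[str(Path(dirpath, d))] = (version, version in bad_versions)
    return installs, sorted(artifacts)


if __name__ == "__main__":
    # Default: this interpreter's site-packages; pass other roots as arguments.
    roots = sys.argv[1:] or site.getsitepackages() + [site.getusersitepackages()]
    installs, artifacts = scan(roots)
    for path, (version, bad) in installs.items():
        flag = "COMPROMISED" if bad else "ok"
        print(f"{flag:11} telnyx {version}  {path}")
    for path in artifacts:
        print(f"ARTIFACT    {path}")
    sys.exit(1 if artifacts or any(bad for _, bad in installs.values()) else 0)
```

A clean result covers only the roots that were walked; virtualenvs, container images and CI caches need to be passed in explicitly.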
Cite this entry
"TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed March 27, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/teampcp-plants-wav-steganography-credential-stealer-in-telnyx-pypi-package-iwek9d