Ethical Hacking News
TeamPCP has pushed two malicious versions of the telnyx Python package to PyPI, hiding a stealer within .WAV files and targeting Windows, Linux, and macOS systems. This marks a new chapter in TeamPCP's evolution as a threat actor, with the attack highlighting the need for enhanced security measures in CI/CD environments.
TeamPCP pushed malicious versions of the telnyx Python package to PyPI, targeting Windows, Linux, and macOS systems. The attack used audio steganography to hide a stealer within .WAV files, allowing TeamPCP to siphon sensitive data from unsuspecting users. TeamPCP gained access to the telnyx package by obtaining its PYPI_TOKEN through an unspecified means, likely via prior compromise. The malicious code was injected into "telnyx/_client.py", causing it to be invoked when the package was imported into a Python application. The attack provides insight into how threat actors are turning their attention to trusted packages with large user bases as a means to expand their reach.
Reports have surfaced that TeamPCP pushed malicious versions of the telnyx Python package to PyPI (Python Package Index), with the added twist that the group hid a stealer within .WAV files. The tactic allows them to siphon sensitive data from unsuspecting users, and it has left many in the cybersecurity community asking how the compromise could have occurred.
TeamPCP has been at the center of several high-profile supply chain attacks in recent times, most notably the attacks on Trivy, KICS, and litellm. These incidents highlight a trend in which threat actors turn their attention to trusted packages with large user bases as a means to expand their reach.
In this case, TeamPCP managed to gain access to the telnyx package by obtaining its PYPI_TOKEN through an unspecified means, likely via a prior compromise. The two malicious versions of the package (4.87.1 and 4.87.2) were published to PyPI on March 27th, with one containing a hidden executable that was extracted from a .WAV file and the other being free from this payload but harboring its own set of vulnerabilities.
Notably, the malicious code was injected into "telnyx/_client.py", causing it to be invoked whenever the package was imported into a Python application. This implies a level of sophistication in how the attack was carried out, with the use of audio steganography being particularly noteworthy.
According to various reports from Aikido, Endor Labs, Ossprey Security, SafeDep, Socket, and StepSecurity, the malicious code is designed to target Windows, Linux, and macOS systems. The malware does this by downloading a file named "hangup.wav" or "ringtone.wav" from a command-and-control server depending on whether it's operating on Windows or Linux/macOS respectively.
On Windows, the downloaded "hangup.wav" is used to extract an executable that is dropped into the Startup folder as "msbuild.exe." This provides persistence and allows the malware to run automatically every time a user logs in. On Linux and macOS systems, by contrast, the malware uses the other .WAV file ("ringtone.wav") to fetch another payload, execute it, and then vanish.
The use of temporary directories to conduct malicious actions on Linux and macOS is also noteworthy, as it implies an effort to leave minimal forensic artifacts on these systems. This is in contrast to Windows where persistence has been achieved through the inclusion of "msbuild.exe" in the Startup folder.
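As an added, defender-side example that is not from the article or any of the reports it cites: a small RIFF/WAVE inspector that walks the chunk list and flags the two crudest ways an executable can ride inside a .WAV carrier, bytes appended past the declared RIFF size and a PE/ELF/Mach-O image embedded in a chunk. The reports do not disclose how the stealer was actually encoded in "hangup.wav" or "ringtone.wav", so this heuristic is an assumption about the carrier rather than a description of TeamPCP's method; `build_wav` only constructs test input.

```python
import struct

# Executable magics a PCM payload should never carry; MZ is handled separately because two bytes alone are a weak signal.
EXEC_MAGICS = {b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O", b"\xca\xfe\xba\xbe": "Mach-O fat"}

def _is_pe(buf: bytes, off: int) -> bool:
    """Confirm an MZ stub by following e_lfanew (offset 0x3C) to the PE signature."""
    if buf[off:off + 2] != b"MZ" or off + 0x40 > len(buf):
        return False
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    return buf[off + e_lfanew:off + e_lfanew + 4] == b"PE\x00\x00"

def find_executables(buf: bytes) -> list:
    """Return (format, offset) pairs for executable images found anywhere in buf."""
    hits, o = [], buf.find(b"MZ")
    while o != -1:
        if _is_pe(buf, o):
            hits.append(("PE", o))
        o = buf.find(b"MZ", o + 1)
    hits += [(name, buf.find(m)) for m, name in EXEC_MAGICS.items() if m in buf]
    return hits

def inspect_wav(blob: bytes) -> dict:
    """Walk the RIFF chunk list and report anything that is not audio."""
    report = {"valid": False, "chunks": [], "trailing_bytes": 0, "executables": []}
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return report
    report["valid"] = True
    declared_end = 8 + struct.unpack_from("<I", blob, 4)[0]   # RIFF size excludes the 8-byte header
    pos = 12
    while pos + 8 <= min(declared_end, len(blob)):
        cid = blob[pos:pos + 4].decode("latin-1")
        size = struct.unpack_from("<I", blob, pos + 4)[0]
        body = blob[pos + 8:pos + 8 + size]
        report["chunks"].append((cid, size))
        report["executables"] += [(cid, fmt, off) for fmt, off in find_executables(body)]
        pos += 8 + size + (size & 1)                             # chunks are word-aligned
    tail = blob[declared_end:]                                   # bytes bolted on after the container
    report["trailing_bytes"] = len(tail)
    report["executables"] += [("<trailing>", fmt, off) for fmt, off in find_executables(tail)]
    return report

def build_wav(pcm: bytes, trailer: bytes = b"") -> bytes:
    """Constructed test input: minimal mono 8 kHz 16-bit PCM WAV, optionally with appended bytes."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)
    body = b"WAVEfmt " + struct.pack("<I", len(fmt)) + fmt + b"data" + struct.pack("<I", len(pcm)) + pcm
    return b"RIFF" + struct.pack("<I", len(body)) + body + trailer
```

Running `inspect_wav` over a quarantined sample gives an analyst a quick triage signal (non-zero trailing bytes or any entry in `executables`) before the file is opened in an audio tool; a negative result does not rule out sample-level (LSB-style) encoding.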
This supply chain attack marks a new chapter for TeamPCP, with the threat actor now openly using legitimate package repositories as a means to distribute malware and steal sensitive data from users. The fact that it's not just limited to direct typosquatting but also involves compromised packages with significant user bases speaks to its level of sophistication.
This incident highlights the importance of maintaining up-to-date software, regularly scanning for vulnerabilities, and closely monitoring package repositories to prevent similar attacks in the future. It also emphasizes the need for enhanced security measures in CI/CD environments, where broad access is granted due to the nature of these tools.
In conclusion, TeamPCP's malicious push of the telnyx Python package is just another example of how threat actors are evolving their tactics and exploiting vulnerabilities in the open-source ecosystem. As we move forward, cybersecurity awareness and vigilance will be crucial in preventing such attacks and ensuring that users remain protected from these increasingly sophisticated threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Malicious-Telnyx-Package-Scandal-How-TeamPCP-Hid-Stealer-in-WAV-Files-ehn.shtml
https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
https://www.mend.io/blog/famous-telnyx-pypi-package-compromised-by-teampcp/
https://thecybersecguru.com/news/teampcp-supply-chain-attack/
https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html
https://www.aikido.dev/blog/allseek-and-haicker-are-joining-aikido
https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/
https://simplysecuregroup.com/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/
https://www.endorlabs.com/learn/teampcp-isnt-done
https://en.wikipedia.org/wiki/Double_Dragon_(hacking_group)
https://www.cybersecurity-insiders.com/apt-iran-hackers-steal-over-375tb-of-data-from-lockheed-martine/
https://cloud.google.com/security/resources/insights/apt-groups
https://security.muni.cz/en/articles/hacker-elites-how-the-most-dangerous-apt-groups-operate
Published: Fri Mar 27 16:21:15 2026 by llama3.2 3B Q4_K_M