TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
Summary
The threat actor TeamPCP has compromised the telnyx Python package on PyPI by uploading two malicious versions, 4.87.1 and 4.87.2. These versions, published on March 27, 2026, hide credential-harvesting malware within WAV files to steal sensitive data from users.
IFF Assessment
This is bad news for defenders because a known threat actor is actively compromising legitimate software repositories to distribute malware, increasing the risk of supply chain attacks.
Defender Context
Defenders must be vigilant about supply chain risks, particularly when using third-party libraries from public repositories like PyPI. It is crucial to implement robust software composition analysis (SCA) tools and practices, as well as to monitor for suspicious package updates or unusual dependencies.
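One way to check a project for the two versions named above, as an added example that is not part of the original report: it scans a pip-style requirements file for pins to 4.87.1 or 4.87.2, flags lines with no exact safe pin (where the resolver may have selected one of them), and checks the packages installed in the current environment. The function names and the sample file contents are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase
from importlib import metadata

# Versions the report above names as malicious.
BAD = {"telnyx": {"4.87.1", "4.87.2"}}
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;]*)")

def normalize(name):
    """PEP 503 normalization so 'Telnyx' and 'telnyx' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (lineno, status, line) for requirement lines naming a listed package.
    'pinned-bad': exact pin to a malicious version.
    'unpinned': no exact safe pin, so the resolver may have picked one."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = _REQ.match(line)
        if not m or normalize(m.group(1)) not in BAD:
            continue
        bad = BAD[normalize(m.group(1))]
        pins = re.findall(r"===?\s*([^\s,\\]+)", m.group(2))  # == / === only
        if any(p in bad for p in pins):
            findings.append((lineno, "pinned-bad", line))
        elif not pins or any(fnmatchcase(b, p) for b in bad for p in pins):
            findings.append((lineno, "unpinned", line))
    return findings

def scan_installed():
    """Return (name, version) for installed distributions at a listed version."""
    hits = []
    for dist in metadata.distributions():
        try:
            name, version = normalize(dist.metadata["Name"]), dist.version
        except Exception:  # skip distributions with unreadable metadata
            continue
        if version in BAD.get(name, ()):
            hits.append((name, version))
    return hits

# Constructed sample requirements file (hash and extra name are placeholders).
SAMPLE = """\
# constructed sample
requests==2.32.3
Telnyx==4.87.2 --hash=sha256:0000
telnyx[extra]>=4.80 ; python_version >= "3.9"
telnyx==4.87.0
"""
```

An "unpinned" finding is not a detection by itself; it marks a line where the installed version or lock file needs to be checked, which is what `scan_installed()` does for the current environment.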