Close Menu
    What's Hot

    Cyclospora Linked to Taylor Farms Lettuce Sent to Taco Bell

    China rebukes UK over nationalisation of British Steel | News

    How Andy Burnham Becomes Britain’s New Prime Minister

    Facebook X (Twitter) Instagram
    Trending
    • Cyclospora Linked to Taylor Farms Lettuce Sent to Taco Bell
    • China rebukes UK over nationalisation of British Steel | News
    • How Andy Burnham Becomes Britain’s New Prime Minister
    • He Was a Russian Political Survivor, Until the Masked Men Appeared
    • Do Face Masks Help With Wildfire Smoke? Yes, But More Is Needed
    • Investors say BoE should slow or stop long-dated bond sales
    • New Prime Minister Faces Old Problems: How to Make Britain’s Economy Grow
    • Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

    adminBy adminMarch 28, 2026No Comments5 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
    Share
    Facebook Twitter LinkedIn Pinterest Email

    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

    TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.

    The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are recommended to downgrade to version 4.87.0 immediately. The PyPI project is currently quarantined.

    Various reports from Aikido, Endor Labs, Ossprey Security, SafeDep, Socket, and StepSecurity indicate the malicious code is injected into “telnyx/_client.py,” causing it to be invoked when the package is imported into a Python application. The malware is designed to target Windows, Linux, and macOS systems.

    Cybersecurity

    “Our analysis reveals a three-stage runtime attack chain on Linux/macOS consisting of delivery via audio steganography, in-memory execution of a data harvester, and encrypted exfiltration,” Socket said. “The entire chain is designed to operate within a self-destructing temporary directory and leave near-zero forensic artifacts on the host.”

    On Windows, the malware downloads a file named “hangup.wav” from a command-and-control (C2) server and extracts from the audio data an executable that’s then dropped into the Startup folder as “msbuild.exe.” This allows it to persist across system reboots and automatically run every time a user logs in to the system.

    In case the compromised host runs on Linux or macOS, it fetches a different .WAV file (“ringtone.wav”) from the same server to extract a third-stage collector script and run. The credential harvester is designed to capture a wide range of sensitive data and exfiltrate the data in the form of “tpcp.tar.gz” via an HTTP POST request to “83.142.209[.]203:8080.”

    “The standout technique in this sample – and the reason for the post title – is the use of audio steganography to deliver the final payload,” Ossprey Security said. “Rather than hosting a raw executable or a base64 blob on the C2 (both of which are trivially flagged by network inspection and EDR), the attacker wraps the payload inside a .WAV file.”

    It’s currently not known how the package’s PYPI_TOKEN was obtained by TeamPCP, but it’s likely that it was through a prior credential harvesting operation.

    “We believe the most likely vector is the litellm compromise itself,” Endor Labs researchers Kiran Raj and Rachana Misal said. “TeamPCP’s harvester swept environment variables, .env files, and shell histories from every system that imported litellm. If any developer or CI pipeline had both litellm installed and access to the telnyx PyPI token, that token was already in TeamPCP’s hands.”

    What’s notable about the attack is the absence of a persistence mechanism in Linux and macOS and the use of a temporary directory to conduct the malicious actions and recursively delete all its contents once everything is complete.

    “The strategic split is clear. Windows gets persistence: a binary in the Startup folder that survives reboots, providing the threat actor with long-term, repeatable access,” Socket explained. “Linux/macOS gets smash-and-grab: a single, high-speed data harvesting operation that collects everything of value and exfiltrates it immediately, then vanishes.”

    The development comes a few days after the threat actor distributed trojanized versions of the popular litellm Python package to exfiltrate cloud credentials, CI/CD secrets, and keys to a domain under its control.

    The supply chain incident also reflects a new-found maturation, where the threat actor has consistently infected legitimate, trusted packages with massive user bases to distribute malware to downstream users and widen blast radius, rather than directly publishing malicious typosquats to open-source package repositories.

    “The target selection across this campaign focuses on tools with elevated access to automated pipelines: a container scanner (Trivy), an infrastructure scanning tool (KICS), and an AI model routing library (litellm),” Snyk said. “Each of these tools requires broad read access to the systems it operates on (credentials, configs, environment variables) by design.”

    Cybersecurity

    To mitigate the threat, developers are advised to perform the following actions –

    • Audit Python environments and requirements.txt files for telnyx==4.87.1 or telnyx==4.87.2. If found, replace them with a clean version.
    • Assume compromise and rotate all secrets.
    • Look for a file named “msbuild.exe” in the Windows Startup folder.
    • Block the C2 and exfiltration domain (“83.142.209[.]203”).

    The compromise is part of a broader, ongoing campaign undertaken by TeamPCP spanning multiple ecosystems, with the threat actor announcing collaborations with other cybercriminal groups like LAPSUS$ and an emerging ransomware group called Vect to conduct extortion and ransomware operations.

    This also signals a shift where ransomware gangs, which have historically focused on initial access methods like phishing and exploitation of security flaws, are now weaponizing supply chain attacks targeting the open source infrastructure as an entry point for follow-on attacks.

    “This puts a spotlight on anything in CI/CD environments that isn’t locked down,” Socket said. “Security scanners, IDE extensions, build tooling, and execution environments are granted broad access because they’re expected to need it. When attackers are targeting the tools themselves, anything running in the pipeline has to be treated as a potential entry point.”

    files Hides malicious pushes PyPI Stealer TeamPCP Telnyx versions WAV
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleYour tax refund could be delayed—and the IRS says you need to act fast
    Next Article Whoop has LeBron – now it wants your mom
    admin
    • Website

    Related Posts

    Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

    July 17, 2026

    New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

    July 17, 2026

    San Francisco mayor pushes for tougher rules after the Waymo traffic fiasco

    July 17, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Cyclospora Linked to Taylor Farms Lettuce Sent to Taco Bell

    China rebukes UK over nationalisation of British Steel | News

    How Andy Burnham Becomes Britain’s New Prime Minister

    He Was a Russian Political Survivor, Until the Masked Men Appeared

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by