TeamPCP injected a WAV steganography-based credential stealer into telnyx Python SDK versions 4.87.1 and 4.87.2 on PyPI. The attack modifies a single file (telnyx/_client.py) and executes on import. On Linux/macOS, it fetches a WAV file from attacker infrastructure, extracts a hidden Python credential harvester via base64+XOR decoding of audio frames, runs it in-memory, then encrypts stolen credentials with AES-256-CBC and RSA-4096 before exfiltrating them as tpcp.tar.gz. On Windows (only functional in 4.87.2 due to a capitalization bug in 4.87.1), it drops a PE binary disguised as msbuild.exe into the Startup folder for persistence. Attribution to TeamPCP is high-confidence based on an identical RSA-4096 public key, identical encryption scheme, and the tpcp.tar.gz exfiltration signature also seen in the litellm supply chain compromise three days earlier. Affected users should downgrade to 4.87.0 and rotate all credentials immediately.
Table of contents
Background: What Is telnyx?
The Injection: A Single Compromised File
The 4.87.1 → 4.87.2 Fix: Activating the Windows Attack
Platform-Specific Attack Paths
The RSA-4096 Public Key: Fingerprinting TeamPCP
Attribution: TeamPCP
Controlled Execution Analysis
Indicators of Compromise
Remediation
How StepSecurity Helps
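A small triage helper for the compromise summarised at the top of this page, added here as an example (it is not StepSecurity's or Telnyx's code): it flags the two affected telnyx pins in requirements-style input, checks whether the installed telnyx distribution is one of them, and looks for the msbuild.exe persistence artifact in the Windows Startup folder. It assumes the dropper uses the per-user Startup folder under %APPDATA%; the version numbers and the artifact name come from the advisory.

```python
"""Triage helper for the telnyx 4.87.1 / 4.87.2 compromise (added example,
not StepSecurity's or Telnyx's code)."""
import os
import re
import sys
from importlib import metadata

AFFECTED_VERSIONS = {"4.87.1", "4.87.2"}   # compromised releases named in the advisory
SAFE_VERSION = "4.87.0"                    # recommended downgrade target

# Matches pins such as 'telnyx==4.87.1', 'Telnyx == 4.87.2', or a pin followed by
# an environment marker ('telnyx==4.87.1 ; python_version >= "3.8"').
PIN_RE = re.compile(r"^\s*telnyx\s*==\s*([0-9][0-9A-Za-z.]*)", re.IGNORECASE)


def find_affected_pins(lines):
    """Return (line_number, version) for every telnyx pin on an affected version."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = PIN_RE.match(line.split("#", 1)[0])  # ignore trailing comments
        if m and m.group(1) in AFFECTED_VERSIONS:
            hits.append((lineno, m.group(1)))
    return hits


def installed_telnyx_is_affected():
    """True if the telnyx distribution visible to this interpreter is a compromised release."""
    try:
        return metadata.version("telnyx") in AFFECTED_VERSIONS
    except metadata.PackageNotFoundError:
        return False


def windows_persistence_artifact():
    """Path of msbuild.exe in the per-user Startup folder if present, else None.
    A genuine msbuild.exe ships with Visual Studio / the .NET SDK, never in Startup.
    Assumption: the dropper targets the per-user Startup folder under %APPDATA%."""
    if sys.platform != "win32":
        return None
    startup = os.path.join(os.environ.get("APPDATA", ""), "Microsoft", "Windows",
                           "Start Menu", "Programs", "Startup")
    candidate = os.path.join(startup, "msbuild.exe")
    return candidate if os.path.isfile(candidate) else None


if __name__ == "__main__":
    # Constructed sample input; in practice feed it requirements.txt or `pip freeze` output.
    sample = ["requests==2.32.0", "telnyx==4.87.1", "telnyx == 4.87.0  # pinned to safe release"]
    for lineno, ver in find_affected_pins(sample):
        print(f"line {lineno}: telnyx=={ver} is compromised; pin to {SAFE_VERSION}")
    print("installed telnyx affected:", installed_telnyx_is_affected())
    print("startup msbuild.exe:", windows_persistence_artifact())
```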