Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows.

Trend Micro Blog offers insights, analysis, and updates on cybersecurity threats, trends, and best practices. Covering topics such as malware analysis, threat intelligence, and cybersecurity risk management, Trend Micro Blog provides resources for IT security professionals, helping them stay ahead of emerging threats and protect their organizations from cyber attacks.

Trend Micro

TeamPCP, the threat actor behind the earlier LiteLLM supply chain compromise, published two malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) to PyPI on March 27, 2026. The attack introduces several evasion improvements: split-file code injection across _client.py, WAV-based steganography to deliver credential-stealing payloads at runtime (hiding harvester logic from static analysis), and the campaign's first Windows-specific persistence mechanism via a fake msbuild.exe in the Startup folder. The malicious versions were quarantined after roughly 6.5 hours of exposure. Infrastructure shifted from HTTPS domains to plaintext HTTP on a raw IP, potentially due to prior domain takedowns. Systems that imported the affected versions should be treated as fully compromised; downgrading to Telnyx 4.87.0 is strongly advised. Detection opportunities include WAV file downloads from non-media IPs over port 8080 and outbound HTTP requests with the X-Filename: tpcp.tar.gz header.

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM