TeamPCP, the threat actor behind the earlier LiteLLM supply chain compromise, published two malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) to PyPI on March 27, 2026. The attack introduces several evasion improvements: split-file code injection across _client.py, WAV-based steganography to deliver credential-stealing payloads at runtime (hiding harvester logic from static analysis), and the campaign's first Windows-specific persistence mechanism via a fake msbuild.exe in the Startup folder. The malicious versions were quarantined after roughly 6.5 hours of exposure. Infrastructure shifted from HTTPS domains to plaintext HTTP on a raw IP, potentially due to prior domain takedowns. Systems that imported the affected versions should be treated as fully compromised; downgrading to Telnyx 4.87.0 is strongly advised. Detection opportunities include WAV file downloads from non-media IPs over port 8080 and outbound HTTP requests with the X-Filename: tpcp.tar.gz header.
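The two network indicators named above (a WAV fetched over plaintext HTTP on port 8080 from a raw IP, and an outbound request carrying the X-Filename: tpcp.tar.gz header) and the affected version list can be turned into a small triage script. The following is an added example written for this page, not code from the original report, from Telnyx or from any published detection rule; the proxy log lines are constructed JSON records, the IP 203.0.113.10 is a documentation address, and the log field names (ts, method, url, headers) are assumed.

```python
"""
Added detection example (not from the original report or from Telnyx):
scan constructed HTTP proxy log records for the two indicators the
write-up names, and check whether an installed or pinned Telnyx version
is one of the two malicious releases.
"""
import ipaddress
import json
from importlib.metadata import PackageNotFoundError, version
from urllib.parse import urlparse

# Versions the report names as malicious; 4.87.0 is the recommended downgrade.
MALICIOUS_TELNYX_VERSIONS = {"4.87.1", "4.87.2"}

# Constructed sample proxy log (one JSON record per line); not real traffic.
# The field names ts/method/url/headers are an assumed log schema.
SAMPLE_PROXY_LOG = """\
{"ts":"2026-03-27T14:02:11Z","method":"GET","url":"http://203.0.113.10:8080/assets/notice.wav","headers":{"User-Agent":"python-requests/2.31"}}
{"ts":"2026-03-27T14:02:13Z","method":"POST","url":"http://203.0.113.10:8080/upload","headers":{"X-Filename":"tpcp.tar.gz","Content-Type":"application/octet-stream"}}
{"ts":"2026-03-27T14:05:00Z","method":"GET","url":"https://cdn.example.net/media/intro.wav","headers":{"User-Agent":"Mozilla/5.0"}}
{"ts":"2026-03-27T14:06:30Z","method":"GET","url":"https://pypi.org/simple/telnyx/","headers":{"User-Agent":"pip/24.0"}}
"""


def is_raw_ip_host(hostname):
    """True when the URL host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(hostname)
        return True
    except ValueError:
        return False


def classify_request(record):
    """Return the list of indicator names matched by one parsed log record."""
    hits = []
    parsed = urlparse(record["url"])
    host = parsed.hostname or ""
    port = parsed.port or (443 if parsed.scheme == "https" else 80)

    # Indicator 1: a .wav pulled over plaintext HTTP, port 8080, from a raw IP
    # (the report's "WAV file downloads from non-media IPs over port 8080").
    if (parsed.scheme == "http" and port == 8080
            and is_raw_ip_host(host) and parsed.path.lower().endswith(".wav")):
        hits.append("wav_from_raw_ip_8080")

    # Indicator 2: outbound request carrying the X-Filename: tpcp.tar.gz header.
    headers = {k.lower(): v for k, v in record.get("headers", {}).items()}
    if headers.get("x-filename") == "tpcp.tar.gz":
        hits.append("x_filename_tpcp")
    return hits


def scan_proxy_log(text):
    """Parse newline-delimited JSON log text and return alerts for matching records."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        hits = classify_request(record)
        if hits:
            alerts.append({"ts": record["ts"], "url": record["url"], "indicators": hits})
    return alerts


def telnyx_version_is_malicious(ver):
    """True for the two releases the report identifies as malicious."""
    return ver.strip() in MALICIOUS_TELNYX_VERSIONS


def installed_telnyx_is_malicious():
    """Check the telnyx distribution installed in this interpreter, if any."""
    try:
        return telnyx_version_is_malicious(version("telnyx"))
    except PackageNotFoundError:
        return False


if __name__ == "__main__":
    for alert in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(alert)
    print("installed telnyx is malicious:", installed_telnyx_is_malicious())
```

The raw-IP and port-8080 conditions are tied to the infrastructure described in this report and will not match a future rotation to a hostname or a different port; the X-Filename header value is the more specific of the two and is the one worth a hard alert. A host that produces either match should be handled as the text advises: treat it as compromised rather than just uninstalling the package.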