Sponsored by ThreatLocker - https://threatlocker.com/ericparker
Official Discord Server - https://discord.gg/cqqWYDdcBn
Follow me on X - https://www.twitter.com/atericparker | atericparker.bsky.social
Sources: 
https://www.endorlabs.com/learn/teampcp-isnt-done
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm
https://juliet.sh/blog/trivy-supply-chain-compromise-what-kubernetes-teams-need-to-know
https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
https://thehackernews.com/2026/03/teampcp-hacks-checkmarx-github-actions.html 



Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking or piracy.



(C) Eric Parker 2026

Eric Parker

A detailed breakdown of the Team PCP supply chain attack campaign, covering multiple compromised security tools including Trivy and Checkmarx, a malicious npm worm, and trojanized VS Code extensions on Open VSX. The most technically interesting aspect involves steganography: malware hidden inside valid WAV audio files and PNG images, decoded via XOR to drop payloads. The analysis also covers a Python .pth file persistence trick, ETW patching to evade EDR telemetry, and C2 communication disguised with lookalike domains. Mitigation advice focuses on least-privilege GitHub Actions tokens, zero-trust principles, and regular credential rotation.

They hid Malware in Audio?