BotBeat
INDUSTRY REPORT | 2026-03-27

Telnyx PyPI Package Compromised in Ongoing TeamPCP Supply Chain Attack Campaign

Key Takeaways

  • Telnyx PyPI package compromised with malware hidden in WAV files using steganography and XOR obfuscation
  • Part of coordinated TeamPCP campaign spanning multiple ecosystems (npm, PyPI, GitHub Actions) over two weeks
  • Attack chain leverages stolen credentials from unpinned CI/CD tools to compromise high-impact packages

Source: Hacker News (https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm)

Summary

The popular Telnyx Python SDK on PyPI has been compromised as part of an escalating multi-week supply chain attack campaign by the threat actor TeamPCP. Malicious versions of the package were uploaded on March 27, featuring sophisticated malware that uses WAV file steganography to deliver payloads. The attack follows a consistent pattern: stealing credentials from trusted security tools, then using those credentials to inject backdoors into packages with broad downstream reach.

The Telnyx compromise is the latest in a series targeting major tools and services. Previous targets include Aqua Security's Trivy vulnerability scanner (March 19), 46+ npm packages via CanisterWorm (March 20), Checkmarx GitHub Actions (March 23), and LiteLLM's PyPI package (March 24), which sees 95 million downloads per month. The campaign demonstrates sophisticated evasion techniques, including XOR obfuscation, AES-256-CBC encryption, and RSA-4096 key wrapping for exfiltrated data.

The malware executes at import time and has no disabling mechanism, which makes its execution difficult to prevent. On Windows, it downloads and decodes an executable hidden in audio frames, then installs it as msbuild.exe in the Startup folder for persistence. On Linux and macOS, it fetches a complete Python script embedded in WAV files and exfiltrates system data encrypted with attacker-controlled RSA keys.
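A static triage check for the import-time execution described above, as an added example that is not from the original article or from the Telnyx package: it parses a module without importing it and reports network, process and dynamic-execution calls that would run during import. The `SUSPICIOUS` list, the function names and the sample source are constructed assumptions, not indicators taken from the actual malware.

```python
import ast

# Heuristic list (an assumption for this example, not real-malware indicators).
SUSPICIOUS = {"exec", "eval", "os.system", "subprocess.Popen", "subprocess.run",
              "urllib.request.urlopen", "urllib.request.urlretrieve", "wave.open"}
# Constructed sample source; it is parsed only, never executed.
SAMPLE = '''\
import subprocess as sp
from urllib.request import urlopen
def _setup():
    urlopen("https://example.invalid/a.wav").read()
    sp.Popen(["true"])
def send_message(text):
    return urlopen("https://example.invalid/api")  # runs only when called
_setup()
'''

def _dotted(node, aliases):  # resolves sp.Popen to "subprocess.Popen"
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(aliases.get(node.id, node.id))
    return ".".join(reversed(parts))

def import_time_findings(source):
    """Return sorted (line, call) pairs for suspicious calls reached at import."""
    tree, aliases, findings, seen = ast.parse(source), {}, [], set()
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    for n in ast.walk(tree):  # map local names back to the modules they alias
        if isinstance(n, ast.Import):
            aliases.update({a.asname: a.name for a in n.names if a.asname})
        elif isinstance(n, ast.ImportFrom) and n.module:
            aliases.update({a.asname or a.name: f"{n.module}.{a.name}" for a in n.names})
    def visit(node):
        for child in ast.iter_child_nodes(node):
            if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
                continue  # a definition's body runs only when it is called
            if isinstance(child, ast.Call):
                name = _dotted(child.func, aliases)
                if name in SUSPICIOUS:
                    findings.append((child.lineno, name))
                elif name in funcs and name not in seen:
                    seen.add(name)
                    visit(funcs[name])  # local function invoked during import
            visit(child)
    visit(tree)
    return sorted(findings)
```

A hit is a prompt for manual review, not a verdict; code under an `if __name__ == "__main__":` guard is reported as well even though it does not run on import.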

  • The malware executes at import time and uses sophisticated persistence and encryption mechanisms to evade detection
  • The LiteLLM compromise is particularly concerning because LiteLLM manages credentials for OpenAI, Anthropic, AWS, and GCP services