TeamPCP Telnyx Python SDK PyPI Supply Chain Compromise

Date: 2026-03-27 | Vendor: Telnyx Python SDK; PyPI | Malware: TeamPCP Cloud Stealer

Incident Details

On March 27, 2026 at 03:51 UTC, TeamPCP published two unauthorized malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) to PyPI. Both versions were quarantined by 10:13 UTC the same day, a window of approximately 6 hours 22 minutes.

The malicious packages delivered a steganographically encoded payload hidden within valid WAV audio file frames, which decoded to a multi-stage remote access tool (RAT) and credential stealer that exfiltrated data to 83[.]142[.]209[.]203. Unlike earlier TeamPCP packages, the real payload was fetched at runtime from C2 to minimize the size of the malicious package.

Telnyx's platform, APIs, and infrastructure were not compromised; only the PyPI Python SDK distribution was affected. Users who installed the telnyx package between 03:51 and 10:13 UTC on March 27, or had dependencies that pulled in unpinned telnyx versions during that window, were potentially compromised.

This attack ran concurrently with the LiteLLM/PyPI compromise on the same day. It was part of the TeamPCP campaign that spanned March 19-27, 2026, which also targeted Trivy (March 19), Checkmarx KICS (March 21), and LiteLLM (March 27; Mercor downstream breach).
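A triage check for the exposure condition described above, added here as an example and not taken from Telnyx or the source report: it flags requirements-file lines that pin telnyx to 4.87.1 or 4.87.2, lines that leave it unpinned, and whether the current environment has a listed version installed. The function names, status labels and sample input are assumptions made for illustration; only the two version numbers come from the page.

```python
import re
from importlib import metadata

# Versions named in the incident description above.
BAD_VERSIONS = {"4.87.1", "4.87.2"}

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_EXACT = re.compile(r"===?\s*([^\s,*]+)\s*(?:\\|--.*)?$")


def classify_requirement(line):
    """Classify one requirements.txt-style line; None if it is not telnyx."""
    m = _NAME.match(line)
    # PEP 503: names compare case-insensitively with -, _ and . equivalent.
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "telnyx":
        return None
    pin = _EXACT.match(m.group(2).strip())
    if pin is None:
        # No specifier, a range or a wildcard: a resolve during the
        # exposure window could have selected a malicious release.
        return "unpinned"
    return "compromised" if pin.group(1) in BAD_VERSIONS else "pinned-other"


def scan(text):
    """Return (line_number, status) for each telnyx line in a requirements file."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        status = classify_requirement(line)
        if status is not None:
            hits.append((number, status))
    return hits


def installed_status():
    """Status of telnyx in the environment running this script."""
    try:
        version = metadata.version("telnyx")
    except metadata.PackageNotFoundError:
        return "not-installed"
    return "compromised" if version in BAD_VERSIONS else "installed-other"


# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.31.0
telnyx==4.87.2 --hash=sha256:<placeholder>
Telnyx >= 4.0  # range
telnyx==4.0.0
"""

if __name__ == "__main__":
    print(scan(SAMPLE), installed_status())
```

An "unpinned" or "installed-other" result does not clear a host: an environment built or resolved during the window may have held a malicious version that was later replaced, so build logs and install timestamps still need review.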

Technical Details

Initial Attack Vector: TeamPCP compromised Telnyx's PyPI publishing credentials (part of their cascading GitHub Actions credential theft campaign) and published two malicious versions of the Telnyx Python SDK to PyPI containing a three-stage RAT payload hidden inside WAV audio file frames.
Vendor / Product: Telnyx Python SDK; PyPI
Software Package: telnyx
Malware Family: TeamPCP Cloud Stealer
Supply Chain Attack: ✅ Confirmed third-party / vendor compromise

Timeline

  1. 2026-03-27 Breach occurred
  2. 2026-03-27 Publicly disclosed
  3. 2026-03-27 Customers notified