TeamPCP Telnyx Python SDK PyPI Supply Chain Compromise
Incident Details
On March 27, 2026 at 03:51 UTC, TeamPCP published two unauthorized malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) to PyPI. Both versions were quarantined by 10:13 UTC the same day — a window of approximately 6 hours 22 minutes. The malicious packages delivered a steganographically encoded payload hidden within valid WAV audio file frames, which decoded to a multi-stage remote access tool (RAT) and credential stealer that exfiltrated data to 83[.]142[.]209[.]203. Unlike earlier TeamPCP packages, the real payload was fetched at runtime from C2 to minimize the size of the malicious package. Telnyx’s platform, APIs, and infrastructure were not compromised — only the PyPI Python SDK distribution was affected. Users who installed the telnyx package between 03:51-10:13 UTC on March 27, or had dependencies that pulled in unpinned telnyx versions during that window, were potentially compromised. This attack ran concurrently with the LiteLLM/PyPI compromise on the same day. It was part of the TeamPCP campaign that spanned March 19-27, 2026, which also targeted Trivy (March 19), Checkmarx KICS (March 21), and LiteLLM (March 27 — Mercor downstream breach).
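The exposure rule above (an exact pin to 4.87.1 or 4.87.2, or an unpinned or ranged telnyx requirement resolved inside the 03:51-10:13 UTC window) can be checked mechanically against requirements lines. The following Python is an added example, not part of the original report or of any Telnyx tooling; the sample lines, the build timestamp and the package name `telnyx-helper` are constructed, and specifier forms it does not parse are conservatively assumed to allow the malicious versions.

```python
import operator
import re
from datetime import datetime, timezone

# Versions and exposure window as stated in the incident description above.
BAD_VERSIONS = ("4.87.1", "4.87.2")
WINDOW = (datetime(2026, 3, 27, 3, 51, tzinfo=timezone.utc),
          datetime(2026, 3, 27, 10, 13, tzinfo=timezone.utc))
OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
REQ = re.compile(r"^\s*telnyx(?![\w.-])\s*(?:\[[^\]]*\])?\s*([^;#]*)", re.I)
CLAUSE = re.compile(r"^(==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)$")

def _key(version):
    """Numeric release tuple with trailing zeros dropped (4.87.0 == 4.87)."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def admits(spec, version):
    """True if the specifier allows `version`. Clause forms not parsed here
    (~=, ==4.87.*, ===) are treated as allowing it (conservative assumption)."""
    for clause in (c.strip() for c in spec.split(",")):
        m = CLAUSE.match(clause)
        if m and not OPS[m.group(1)](_key(version), _key(m.group(2))):
            return False
    return True

def classify(line, resolved_at):
    """Verdict for one requirements line resolved at `resolved_at` (UTC):
    None (not telnyx), 'ok', 'at-risk' (in-window resolve) or 'pinned-malicious'."""
    m = REQ.match(line)
    if not m:
        return None
    spec = m.group(1).split("--")[0].strip()   # drop pip options such as --hash
    if not any(admits(spec, v) for v in BAD_VERSIONS):
        return "ok"
    if re.fullmatch(r"==\s*\d+(?:\.\d+)*", spec):
        return "pinned-malicious"               # exact pin to 4.87.1 / 4.87.2
    return "at-risk" if WINDOW[0] <= resolved_at <= WINDOW[1] else "ok"

# Constructed sample input; "telnyx-helper" is a hypothetical package name.
SAMPLE = ["requests>=2", "telnyx", "telnyx>=4.0,<5", "telnyx==4.87.2",
          "telnyx==4.86.0", "telnyx<4.87", "telnyx-helper==1.0"]

if __name__ == "__main__":
    when = datetime(2026, 3, 27, 5, 0, tzinfo=timezone.utc)  # constructed build time
    print({req: classify(req, when) for req in SAMPLE})
```

An `at-risk` verdict means the resolver could have selected a malicious release at that time; the version actually installed is confirmed from the lock file or the environment.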
Technical Details
- Initial Attack Vector: TeamPCP compromised Telnyx's PyPI publishing credentials (part of their cascading GitHub Actions credential theft campaign) and published two malicious versions of the Telnyx Python SDK to PyPI containing a three-stage RAT payload hidden inside WAV audio file frames
- Vendor / Product: Telnyx Python SDK; PyPI
- Software Package: telnyx
- Malware Family: TeamPCP Cloud Stealer
- Supply Chain Attack: ✅ Confirmed third-party / vendor compromise
Timeline
- 2026-03-27 Breach occurred
- 2026-03-27 Publicly disclosed
- 2026-03-27 Customers notified