Feed
CriticalPublished 27 Mar 20261 package · 2 versions

Telnyx Python SDK hides credential stealer in WAV-file steganography

Summary

TeamPCP published malicious telnyx 4.87.1 and 4.87.2 to PyPI on 27 March 2026 (~670k monthly downloads). Trojanised _client.py downloads steganographic payloads disguised as .wav files over plaintext HTTP, extracts the credential stealer, and persists. Windows variant drops msbuild.exe to the Startup folder; Linux variant uses a user-level systemd service. AES-256-CBC + RSA-4096 envelope for exfil.

maintainer-takeovercredential-theftobfuscationinfostealer
Threat actor
TeamPCP
Detected by
JFrog
Ecosystems
PyPI
Packages tracked
1

What happened

On 27 March 2026 the threat group TeamPCP published two trojanised releases of telnyx (4.87.1 and 4.87.2) — the official Python SDK for the Telnyx voice/SMS platform with roughly 670k monthly downloads. The malicious code lives inside telnyx/_client.py and runs the moment any consumer imports the SDK.

The loader pulls steganographic payloads from 83.142.209.203:8080/hangup.wav and /ringtone.wav over plaintext HTTP. Audio frames hide a base64 + XOR-encoded blob that decrypts into a credential stealer. Exfiltration uses an AES-256-CBC payload wrapped in an RSA-4096 envelope, tagged with the header X-Filename: tpcp.tar.gz.

Persistence is OS-specific:

  • Windows drops msbuild.exe into %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ and uses an .lock companion file.
  • Linux installs a user-level audiomon.service systemd unit under ~/.config/systemd/user/ backed by ~/.config/audiomon/.

This is TeamPCP's second high-impact campaign in a week — JFrog tied the same actor to the earlier litellm PyPI compromise. PyPI quarantined both versions, but any environment that resolved telnyx>=4.87.1 during the live window should treat developer credentials and host metadata as compromised.

Affected packages (1)

  • PyPItelnyx
    4.87.14.87.2

Impact

  • Persistent Windows execution as msbuild.exe in Startup
  • Linux user-level systemd persistence (audiomon.service)
  • Credential and host-metadata exfiltration to attacker C2
  • Targets developers integrating with Telnyx voice/SMS APIs

What to do

  1. 1Downgrade to telnyx 4.87.0 or earlier
  2. 2Delete %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\msbuild.exe
  3. 3Remove ~/.config/audiomon/ and ~/.config/systemd/user/audiomon.service
  4. 4Block 83.142.209.203:8080 and the /hangup.wav, /ringtone.wav URIs

References

pypi-2026-03-27-telnyx-teampcp