EMERGING 2026-03-29 08:35 UTC

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Emerging | Breach, Ttp | via bleepingcomputer & thehackernews

8 sources Quality: 0.92 Type: emerging

KEY FACTS

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file.

Overview

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file.

Organisations Involved

The following organisations are mentioned in relation to this incident: Backdoored Telnyx, Hides Stealer, Pushes Malicious Telnyx Versions, Python Package Index.

Multi-Source Coverage

This event has been reported across multiple outlets:

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files — thehackernews
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio — bleepingcomputer

Sources: bleepingcomputer, thehackernews. Aggregated by Cybernews Agency pipeline.

SOURCES (8)

ENTITIES

Python Package IndexBackdoored Telnyx

DEBUG — Testing Information

AR-ID	ce7f6a10-f4fb-4dc8-a88a-b868fd09812e
NEWS-ID	4fbc5652-1630-4438-a29f-c1bff0eaecad
Article type	emerging
Categories	none
Quality score	0.9210
Generation timestamp	2026-03-29 08:35 UTC
Publish timestamp	2026-03-29 08:35 UTC
Editor corrections	[{"by": "cn-editor", "note": "passed quality checks", "score": 0.921}]

RAW SOURCES (8):

RAW-ID: d6c519d0-e2fe-464e-98f2-46759a18dac1
URL: https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
Title: TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

RAW-ID: d80aa05b-9e29-47e2-9bb6-2145537f34b1
URL: https://www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/
Title: Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

RAW-ID: 1cf32def-74a8-4c06-8249-2e85d0637b69
URL: https://www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/
Title: Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

RAW-ID: 36d5ee93-2118-415f-9e7d-d5d609aa5592
URL: https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
Title: TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

RAW-ID: ed68164d-9708-4974-bbe0-aa6f5236c8c3
URL: https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
Title: TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

RAW-ID: 37f96f94-877b-46b4-9bae-6c00b69a3f14
URL: https://www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/
Title: Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

RAW-ID: 80a9e733-e1ac-47b1-88f1-04e3e020ba0b
URL: https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
Title: TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

RAW-ID: 82e479d8-2ea0-4082-819d-a4a2b0740837
URL: https://www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/
Title: Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

ENTITIES:
Python Package Index Backdoored Telnyx

EMBEDDING: 384-dim (present)