TeamPCP has expanded its supply chain attacks by compromising the telnyx Python package with two malicious versions designed to steal sensitive data across multiple operating systems. Users are urged to downgrade to version 4.87.0 immediately; the infected versions, 4.87.1 and 4.87.2, have been quarantined on the PyPI repository.
The malicious activity begins when the compromised package is imported, triggering code injected into a core client file that targets Windows, Linux, and macOS systems. This attack utilizes a sophisticated three-stage runtime chain that prioritizes stealth by operating within temporary directories. To avoid detection by security software, the threat actors hide their data-harvesting payloads inside audio files, a technique known as steganography.
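Because the injected code runs at import time, the safe way to audit an environment is to read distribution metadata and lockfiles rather than importing telnyx to inspect its version. The following is an added example, not code from the article or the telnyx project; the package names, the sample lockfile lines and the helper names are constructed, and the only real values are the versions the article names.

```python
# Check for the compromised telnyx releases WITHOUT importing the package:
# importing 4.87.1/4.87.2 is what fires the injected code, so this reads
# distribution metadata and requirement files instead. Added example, not
# code from the article or the telnyx project.
import re
from importlib import metadata
from typing import List, Optional, Tuple

# Versions named in the article: the two infected releases and the clean pin.
COMPROMISED = {"telnyx": {"4.87.1", "4.87.2"}}
SAFE_PIN = {"telnyx": "4.87.0"}

# name, optional [extras], exact '==' pin; ranges are deliberately not matched
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.]*)")


def _canon(name: str) -> str:
    # PEP 503 normalisation: case-insensitive, runs of -_. collapse to '-'.
    return re.sub(r"[-_.]+", "-", name).lower()


def check_installed(dist_name: str = "telnyx") -> Optional[str]:
    """Return the installed version if it is a known-bad release, else None.
    importlib.metadata reads METADATA from site-packages and never executes
    the package's __init__, so the import-time payload cannot run here."""
    try:
        installed = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None
    return installed if installed in COMPROMISED.get(_canon(dist_name), set()) else None


def check_requirements(text: str) -> List[Tuple[str, str, str]]:
    """Scan pinned requirement lines; return (package, bad_version, safe_pin).
    Only exact '==' pins are judged: a range like telnyx>=4.87 resolves at
    install time and should be replaced with an explicit pin."""
    findings = []
    for raw in text.splitlines():
        m = _PIN_RE.match(raw.split("#", 1)[0])   # drop trailing comments
        if not m:
            continue
        pkg, ver = _canon(m.group(1)), m.group(2)
        if ver in COMPROMISED.get(pkg, set()):
            findings.append((pkg, ver, SAFE_PIN[pkg]))
    return findings


if __name__ == "__main__":
    # Constructed sample lockfile lines for demonstration.
    sample = "requests==2.31.0\nTelnyx==4.87.2  # bumped by bot\ntelnyx==4.87.0\n"
    print(check_requirements(sample))   # [('telnyx', '4.87.2', '4.87.0')]
    print(check_installed())            # None unless a bad build is installed
```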
On Windows machines, the malware downloads a specific audio file from a command-and-control server and extracts an executable that is placed in the system startup folder. This ensures the malicious program persists and runs automatically every time the user logs in. By disguising the executable as a common system file, the attackers aim to remain hidden while maintaining a long-term presence on the infected host.
For systems running Linux or macOS, the malware fetches a different audio file to deploy a collector script that harvests credentials and other sensitive information. The collected data is then compressed into a single archive and exfiltrated to a remote server via an encrypted connection. This process is designed to leave minimal forensic evidence behind, making it difficult for investigators to track the theft after the fact.
Security researchers note that using audio steganography is a strategic choice to bypass network inspection tools that would typically flag raw executables. While this campaign shares similarities with previous attacks by the same group, it represents an evolution in their methods by shifting toward remote downloads of obfuscated files. This transition makes the attack harder to identify through static analysis of the package code itself.
Source: https://www.ox.security/blog/telnyx-malware-teampcp-strikes-again-following-litellm-compromise/