Vibe Coding
TeamPCP Hits Telnyx PyPI with WAV Steganography: Credential-Stealing Malware in 1M+ Monthly Download Package
On March 27, TeamPCP uploaded malicious telnyx versions 4.87.1 and 4.87.2 to PyPI using a stolen API token. The payload hides encrypted binaries inside WAV audio files — Windows gets a persistent executable in Startup, Linux/macOS gets AES-256-CBC + RSA-4096 encrypted credential exfiltration to C2 at [redacted]:8080. Same RSA public key and tpcp.tar.gz header as the LiteLLM compromise from March 24. Version 4.87.1 had a casing bug preventing execution; 4.87.2 fixed it, making both attack paths functional.
↳ Follow the thread