TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file.

The supply-chain attack was observed by application security firms Aikido, Socket, and Endor Labs, and was attributed to TeamPCP based on the same exfiltration pattern and RSA key seen in previous incidents caused by the same actor.

TeamPCP is responsible for multiple recent supply-chain (e.g., Aqua Security’s Trivy vulnerability scanner, the open-source Python library LiteLLM) and wiper attacks targeting Iranian systems.