Defending Against the TeamPCP Telnyx Supply Chain Attack: Detection & Remediation
Introduction
The open-source ecosystem remains a prime target for threat actors seeking to infiltrate enterprise environments. Recently, the threat actor known as TeamPCP—already notorious for attacks on tools like Trivy and KICS—has struck again. This time, they have compromised the telnyx Python package by pushing malicious versions to the Python Package Index (PyPI).
These malicious packages, versions 4.87.1 and 4.87.2, appear legitimate but contain a dangerous payload: a credential stealer concealed within a .wav audio file. For defenders, this highlights the evolving sophistication of supply chain attacks where malicious code is obfuscated within benign file types to evade static analysis. Security teams must act immediately to identify if these packages have been introduced into their environments and prevent potential data exfiltration.
Technical Analysis
Threat Actor: TeamPCP
Target Repository: Python Package Index (PyPI)
Affected Package: telnyx
Malicious Versions: 4.87.1, 4.87.2
Publication Date: March 27, 2026
TeamPCP used typosquatting, an account takeover technique, or simply a compromise of the maintainer's account to upload these versions. The core of the attack lies in the obfuscation method: instead of a straightforward malicious script, the payload is embedded inside a .wav file within the package directory. When the package is imported or executed, the code reads this audio file, extracts the hidden bytecode or script, and executes it.
Once executed, the stealer attempts to harvest sensitive data, including environment variables, credentials, and potentially cloud keys. The use of a media file (.wav) helps bypass basic security filters that might scan for executable extensions or suspicious script content within code files.
Severity: High. If successful, attackers gain access to developer credentials and potentially internal systems connected to the Telnyx communication APIs or other secrets stored in the environment.
Defensive Monitoring
To protect your organization against this and similar supply chain threats, Security Arsenal recommends implementing the following detection rules and hunt queries.
SIGMA Rules
The following SIGMA rule detects the installation of the specific malicious versions of the telnyx package. This rule is designed to be converted for your SIEM (Splunk, Elastic, Sentinel, QRadar).
```yaml
---
title: Potential Malicious Telnyx Package Installation via Pip
id: 9e4d2f1a-5b6c-4d7e-8f9a-1b2c3d4e5f6a
status: experimental
description: Detects the installation of malicious telnyx versions (4.87.1 or 4.87.2) associated with the TeamPCP supply chain attack.
references:
    - https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
author: Security Arsenal Research
date: 2026-03-28
tags:
    - attack.initial_access
    - attack.t1195.002
    - attack.software_supply_chain
logsource:
    category: process_creation
    product: windows
detection:
    selection_img:
        Image|endswith:
            - '\python.exe'
            - '\pip.exe'
    # A YAML mapping cannot repeat the CommandLine|contains key, so the three
    # command-line tests live in separate selections joined by the condition
    selection_cmd:
        CommandLine|contains|all:
            - 'install'
            - 'telnyx'
    selection_version:
        CommandLine|contains:
            - '4.87.1'
            - '4.87.2'
    condition: all of selection_*
falsepositives:
    - Legitimate installation by a developer unaware of the compromise
level: critical
```
KQL (Microsoft Sentinel/Defender)
Use these KQL queries to hunt for suspicious package installations and potential follow-on activity involving Python processes loading unexpected media files.
```kusto
// Hunt for installation of malicious Telnyx versions
DeviceProcessEvents
| where Timestamp > datetime(2026-03-27)
| where ProcessCommandLine has_any ("pip", "pip3") and ProcessCommandLine has "install"
| where ProcessCommandLine has "telnyx"
// 'contains' rather than 'has' here: a dotted version string is not a single indexed term
| where ProcessCommandLine contains "4.87.1" or ProcessCommandLine contains "4.87.2"
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, InitiatingProcessFileName
```

```kusto
// Hunt for Python processes writing .wav files (potential payload staging)
// DeviceFileEvents records file creation, modification, rename and deletion,
// not reads, so this surfaces the .wav being dropped by the installer rather
// than the later read by the stealer
DeviceFileEvents
| where Timestamp > datetime(2026-03-27)
| where InitiatingProcessFileName endswith "python.exe"
| where FileName endswith ".wav"
| project Timestamp, DeviceName, InitiatingProcessCommandLine, FolderPath, FileName
| take 100
```
Velociraptor VQL
For endpoint threat hunting, use these Velociraptor artifacts to scan for the presence of the malicious package files and the suspicious .wav payload within Python library directories.
```sql
-- Hunt for malicious telnyx package versions in site-packages
-- (glob() yields OSPath; the regex on the dist-info name does the version match)
SELECT OSPath, Size, Mtime, hash(path=OSPath).MD5 AS MD5
FROM glob(globs='C:/Users/*/AppData/Local/Programs/Python/*/Lib/site-packages/telnyx-*.dist-info/METADATA')
WHERE OSPath =~ 'telnyx-4[.]87[.][12][.]dist-info'
```

```sql
-- Hunt for suspicious .wav files in python library paths (payload hiding)
SELECT OSPath, Size, Mtime, hash(path=OSPath).SHA256 AS SHA256
FROM glob(globs='**/site-packages/**/*.wav')
WHERE NOT OSPath =~ '(?i)test'
```
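The VQL hunt above only lists .wav files; the technical analysis explains that the payload hides inside such a file. As an added example (not code from the advisory, Telnyx or TeamPCP), this Python scanner walks site-packages for .wav files and flags the two signs a payload-carrying audio file tends to show: bytes appended past the declared RIFF size, or code-like text inside a chunk. The chunk walk follows the public RIFF/WAVE layout; build_wav() only constructs sample input, and the CODE_MARKERS strings are an assumed heuristic, not the actual payload signature.

```python
"""Added example (not code from the advisory, Telnyx or TeamPCP): walk
site-packages for .wav files and flag the two signs of a payload carrier:
bytes appended past the declared RIFF size, or code-like text in a chunk.
build_wav() only constructs sample input; CODE_MARKERS is an assumption."""
import struct
import sys
from pathlib import Path

CODE_MARKERS = (b"import ", b"exec(", b"eval(", b"base64", b"subprocess", b"os.environ")
KNOWN_CHUNKS = (b"fmt ", b"data", b"LIST", b"fact")

def build_wav(pcm: bytes, extra: bytes = b"") -> bytes:
    """Minimal 8 kHz mono 16-bit WAV (constructed sample input); 'extra' is
    appended after the declared RIFF body to mimic an overlay payload."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)
    body = b"WAVEfmt " + struct.pack("<I", len(fmt)) + fmt
    body += b"data" + struct.pack("<I", len(pcm)) + pcm + (b"\0" if len(pcm) & 1 else b"")
    return b"RIFF" + struct.pack("<I", len(body)) + body + extra

def inspect_wav(data: bytes) -> list[str]:
    """Return the reasons a .wav blob looks suspicious; [] means plain audio."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        return ["not a RIFF/WAVE file"]
    reasons, declared = [], struct.unpack("<I", data[4:8])[0] + 8
    if declared != len(data):
        reasons.append(f"RIFF size {declared} != file size {len(data)} (overlay)")
    pos = 12
    while pos + 8 <= min(declared, len(data)):      # walk the chunk list
        cid, size = data[pos:pos + 4], struct.unpack("<I", data[pos + 4:pos + 8])[0]
        body = data[pos + 8:pos + 8 + size]
        if cid not in KNOWN_CHUNKS:
            reasons.append(f"unexpected chunk {cid!r}")
        if any(m in body for m in CODE_MARKERS):
            reasons.append(f"code-like text in {cid!r} chunk")
        pos += 8 + size + (size & 1)                 # chunks are word-aligned
    if any(m in data[declared:] for m in CODE_MARKERS):
        reasons.append("code-like text in overlay")
    return reasons

def scan_site_packages(roots=None) -> dict[str, list[str]]:
    """Map each suspicious .wav under the given (or interpreter's) site-packages to its reasons."""
    roots = roots if roots is not None else [Path(p) for p in sys.path if p.endswith("site-packages")]
    hits = {}
    for root in roots:
        for wav in Path(root).rglob("*.wav"):
            if reasons := inspect_wav(wav.read_bytes()):
                hits[str(wav)] = reasons
    return hits
```

Run `scan_site_packages()` inside each virtual environment you use, since sys.path only covers the interpreter that runs it.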
Remediation Scripts
**PowerShell (Windows Verification)**

Run this script on developer workstations or build servers to check for the presence of the compromised versions.
```powershell
# Check for malicious Telnyx versions (inspects the pip found first in PATH;
# re-run inside each virtual environment you use)
$maliciousVersions = @("4.87.1", "4.87.2")
Write-Host "Checking installed Python packages for malicious telnyx versions..." -ForegroundColor Cyan
try {
    $pipList = pip list 2>$null
    if ($pipList -match "telnyx") {
        # Extract the line containing telnyx
        $telnyxLine = $pipList | Select-String "^telnyx\s+" | Select-Object -First 1
        if ($telnyxLine) {
            $parts = $telnyxLine.Line -split "\s+"
            $installedVersion = $parts[1]
            if ($maliciousVersions -contains $installedVersion) {
                Write-Host "[ALERT] Malicious version $installedVersion detected!" -ForegroundColor Red
                Write-Host "Action Required: Uninstall immediately using: pip uninstall telnyx" -ForegroundColor Yellow
                exit 1
            } else {
                Write-Host "[INFO] Telnyx version $installedVersion is currently not marked as malicious." -ForegroundColor Green
            }
        }
    } else {
        Write-Host "[INFO] Telnyx package is not installed." -ForegroundColor Green
    }
} catch {
    Write-Host "Error executing pip check. Ensure Python/Pip is in PATH." -ForegroundColor Red
}
```
**Bash (Linux/macOS Verification)**
```bash
#!/bin/bash
# Check for malicious Telnyx versions (inspects the pip found first in PATH;
# re-run inside each virtual environment you use)
echo "Checking installed Python packages for malicious telnyx versions..."
MALICIOUS_VERSIONS=("4.87.1" "4.87.2")
# Check if telnyx is installed
if pip show telnyx > /dev/null 2>&1; then
    # Get version from the "Version:" line of pip show
    INSTALLED_VERSION=$(pip show telnyx | awk '/^Version:/ {print $2}')
    echo "Found Telnyx version: $INSTALLED_VERSION"
    # Check against malicious versions
    for v in "${MALICIOUS_VERSIONS[@]}"; do
        if [ "$INSTALLED_VERSION" == "$v" ]; then
            echo "[ALERT] Malicious version $v detected!"
            echo "Action Required: Uninstall immediately using: pip uninstall telnyx"
            exit 1
        fi
    done
    echo "[INFO] Version $INSTALLED_VERSION is not currently marked as malicious."
else
    echo "[INFO] Telnyx package is not installed."
fi
```
Remediation
If your environment is affected by this supply chain attack, take the following steps immediately:
- Identify and Uninstall: Audit all developer workstations, build servers, and CI/CD pipelines. Uninstall the malicious package immediately with `pip uninstall telnyx`.
- Update to Safe Version: Reinstall the package from a trusted source or verify the latest safe version with the vendor.
- Credential Rotation: Assume that any credentials (API keys, tokens, passwords) stored in environment variables or configuration files on affected systems may have been compromised. Rotate these secrets immediately.
- Review Dependencies: Implement a Software Bill of Materials (SBOM) analysis or use a Software Composition Analysis (SCA) tool to block known malicious package versions automatically in the future.
- Network Analysis: Check network logs for any suspicious outbound connections originating from systems where the package was executed, particularly around the dates of installation.