TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
ATT&CK techniques detected
T1027.003 Steganography
54%
“TeamPCP’s Telnyx attack marks a shift in tactics beyond LiteLLM key takeaways - attackers published tainted Telnyx versions 4.87.1 and 4.87.2 to PyPI, activating on import via injected code in _client.py. - the payload uses split file injection, runtime base64 decoding, a…”
T1195.001 Compromise Software Dependencies and Development Tools
45%
“payload represents a clear shift in the campaign's tradecraft, combining WAV-embedded credential-stealing code via steganography, split-file code injection to evade visual inspection, and the campaign's first Windows-specific persistence mechanism. PyPI quarantined ve…”
Summary
Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows.