A popular Python package was secretly turned into a weapon, and most of the developers who were affected had no idea it was happening. On March 27, 2026, a group of hackers called TeamPCP uploaded two malicious versions of the Telnyx Python SDK to PyPI, the main repository where Python developers get software packages.

The hacked versions were available for about four hours before PyPI stepped in and quarantined them both. The attack had three parts. First, the trojanized package started a loader that was specific to the platform. Second, that loader fetched a hidden payload from a remote server; the payload was concealed in a WAV audio file using steganography.

Third, the decoded payload used a full credential harvester that quietly gathered SSH keys, cloud provider credentials, Kubernetes secrets, database configs, cryptocurrency wallets, and environment files. There was no visible window when it started up, and it ran automatically every time the user logged in. The method was different on Linux and macOS, but it was just as sneaky.

The code didn't drop a file; instead, it decoded a big Python payload stored in a variable and ran it in a separate child process. Even after the parent application closed, that process kept going.

After that, everything was packed into a single file and sent to the attacker's server using an HTTP POST request with the header X-Filename: tpcp.tar.gz. This signature shows up in every known TeamPCP campaign and is a strong indicator for network-level detection.

Companies should treat any installation of versions 4.87.1 or 4.87.2 as a confirmed breach and begin incident response right away. All credentials that can be accessed from affected systems must be rotated. This includes SSH keys, AWS, GCP, and Azure credentials, Kubernetes tokens, Docker credentials, database passwords, API keys, and any secrets that are stored in environment files.
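To scope that response, the script below is an added example (not code from the article or from Telnyx) that walks a directory tree and reports every installed copy of, or exact pin to, versions 4.87.1 and 4.87.2. It assumes the PyPI distribution name is `telnyx` and that dependency pins live in files named like `requirements*.txt`; the function names are hypothetical.

```python
import re
import sys
from email.parser import Parser
from pathlib import Path

PACKAGE = "telnyx"                      # assumed PyPI distribution name of the SDK
BAD_VERSIONS = {"4.87.1", "4.87.2"}     # versions named in the article
PIN_RE = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*==\s*([^\s;#\\]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalization, so 'Telnyx' and 'telnyx' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_hits(root: Path) -> list[tuple[Path, str]]:
    """Find installed copies by reading every *.dist-info/METADATA under root."""
    hits = []
    for meta in root.rglob("*.dist-info/METADATA"):
        text = meta.read_text(errors="replace")
        headers = Parser().parsestr(text, headersonly=True)
        name = headers.get("Name", "")
        version = headers.get("Version", "").strip()
        if normalize(name) == PACKAGE and version in BAD_VERSIONS:
            hits.append((meta.parent, version))
    return hits


def pinned_hits(root: Path) -> list[tuple[Path, str]]:
    """Find exact pins of a bad version in requirements-style files."""
    hits = []
    for req in root.rglob("*requirements*.txt"):
        for line in req.read_text(errors="replace").splitlines():
            m = PIN_RE.match(line)
            if m and normalize(m.group(1)) == PACKAGE and m.group(2) in BAD_VERSIONS:
                hits.append((req, m.group(2)))
    return hits


if __name__ == "__main__":
    # Usage: python scan.py /path/to/search   (defaults to current directory)
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    found = installed_hits(root) + pinned_hits(root)
    for path, version in found:
        print(f"COMPROMISED telnyx {version}: {path}")
    sys.exit(1 if found else 0)
```

A clean result only covers environments that still exist on disk; build caches, container images, and CI logs from the exposure window need their own review.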