The official Telnyx Python SDK on PyPI was compromised by the threat actor TeamPCP, who published malicious versions (4.87.1 and 4.87.2) containing credential-harvesting malware. The malware executes upon module import, utilizing audio steganography to deliver OS-specific payloads: a fileless in-memory harvester for Linux/macOS and a persistent binary for Windows, with exfiltrated data secured via hybrid encryption.