The TeamPCP threat actor compromised the Telnyx Python SDK on PyPI, injecting malicious code that executes upon import. The attack utilizes split-file injection and WAV audio steganography to deliver credential-stealing malware, establishing persistence on Windows systems and exfiltrating data via plaintext HTTP.