Ringing in Chaos: How TeamPCP Weaponized the Telnyx Python SDK
TLP: WHITE | Adversary: TeamPCP | Author: AlienVault | Created: 2026-03-31 | Modified: 2026-04-08
TeamPCP uploaded malicious versions of the telnyx Python SDK to PyPI, compromising a package with 750,000 monthly downloads. The attack uses a three-stage architecture: the trojanized package triggers a platform-specific loader, which downloads a second-stage payload hidden in a WAV file using steganography and deploys a credential harvester. The harvester steals a range of credentials, encrypts them, and exfiltrates them to the attacker's C2. The attack works across the major operating systems and spreads through Kubernetes clusters. It is part of a broader TeamPCP supply chain campaign that has targeted multiple packages over nine days. The attack combines WAV and PNG steganography, hybrid encryption, Kubernetes lateral movement, and a full-featured RAT on Windows with advanced evasion techniques.
Indicators of Compromise (2 / 47 total)
TYPE      INDICATOR                                  DESCRIPTION   CREATED
hostname  scan.aquasecurtiy.org                                    2026-03-31
hostname  tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io                  2026-03-31