Telnyx Python SDK Compromised to Deliver Credential-Stealing Malware
Essential information
- Published
- 28/03/2026 07:39
- Modified
- 30/03/2026 10:12
- Tags
- 2026-03-28, credential harvesting, fileless execution, hybrid encryption, pypi, steganography, supply chain attack, telnyx
- Related entities
- 3 observables, 1 intrusion set (APT), 13 techniques (MITRE)
Description
A supply chain attack affecting the telnyx Python package on PyPI has been identified. Malicious versions 4.87.1 and 4.87.2 contained embedded credential-harvesting malware. The attack employs a three-stage runtime chain on Linux/macOS using audio steganography for delivery, in-memory execution of a data harvester, and encrypted exfiltration. On Windows, it drops a persistent binary in the Startup folder. The malware uses sophisticated techniques including fileless execution, hybrid encryption, and anti-forensics measures. The threat actor, TeamPCP, demonstrates high operational security and cryptographic awareness. Developers are advised to audit environments, rotate credentials, and check for indicators of compromise.
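One concrete form of the environment audit recommended above, added here as an example and not code from the advisory or from Telnyx: it parses pinned requirements or `pip freeze` output, normalises package names so that case and separator variants still match, and flags the two affected releases named in the advisory. The affected versions come from the advisory; the sample freeze output is constructed.

```python
"""Audit an environment for the telnyx releases named in the advisory.

Added example, not code from the advisory or from Telnyx. The affected
versions (4.87.1, 4.87.2) come from the advisory; SAMPLE_FREEZE is constructed.
"""
import re
import sys
from importlib import metadata

# Known-malicious releases per the advisory, keyed by normalised package name.
AFFECTED = {"telnyx": {"4.87.1", "4.87.2"}}

def normalize(name: str) -> str:
    # PEP 503 normalisation: 'Telnyx', 'telnyx' and 'TELNYX' all compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_freeze(text: str) -> dict[str, str]:
    """Parse 'pip freeze' / pinned requirements lines into {name: version}."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][^\s;]*)", line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins

def find_affected(pins: dict[str, str]) -> list[tuple[str, str]]:
    """Return (package, version) pairs that match a known-malicious release."""
    return [(n, v) for n, v in pins.items() if v in AFFECTED.get(n, set())]

def installed_pins() -> dict[str, str]:
    """Pins for the distributions actually installed in this interpreter."""
    return {normalize(d.metadata["Name"]): d.version
            for d in metadata.distributions() if d.metadata["Name"]}

# Constructed sample input; not taken from any real environment.
SAMPLE_FREEZE = """\
# constructed sample
requests==2.31.0
Telnyx==4.87.2
numpy==1.26.4
"""

if __name__ == "__main__":
    # Read a freeze/requirements file from stdin, else audit the sample text.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_FREEZE
    hits = set(find_affected(parse_freeze(text)) + find_affected(installed_pins()))
    for name, version in sorted(hits):
        print(f"AFFECTED: {name}=={version}")
    sys.exit(1 if hits else 0)
```

Run it as `pip freeze | python audit_telnyx.py` (the file name is hypothetical); a non-zero exit means an affected pin was found and the credential-rotation steps above apply.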