Inside TeamPCP’s Shell Arsenal
ID: 70dca9ec-506e-5e1a-9e66-78aae99dd164
STIX ID: report--70dca9ec-506e-5e1a-9e66-78aae99dd164
Feed Name: THE RAVEN FILE
This report details a March 2026 supply-chain campaign by a threat actor named TeamPCP that compromised multiple open-source projects, notably Trivy and LiteLLM, to deploy a family of lightweight shell loaders and credential-stealers. The malware harvests CI/CD and cloud secrets, executes in-memory Python payloads, establishes Kubernetes persistence through privileged pods and daemonsets, and exfiltrates encrypted data to typo-squatted domains and Cloudflare tunnels. The document includes MD5 hashes, domains, TTP mappings, and recommended detection IOCs.
