PYSEC-2026-3

Two telnyx versions published containing credential harvesting malware

Details

After an API token was exposed through an exploited Trivy dependency, two new releases of `telnyx` were uploaded to PyPI containing malware that activates automatically, harvests sensitive credentials and files, and exfiltrates them to a remote API.

Compromised versions execute code when the `telnyx` module is imported, through modifications in `_client.py`.

The code downloads the next stages from endpoints on the host 83.142.209[.]203, encoded in WAV files. On Windows hosts, the malicious executable is placed in `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\msbuild.exe` for persistence and executed. On other systems, the payload is a Python script. After executing it, generated artifacts are exfiltrated to 83.142.209[.]203.

Version 4.87.1 contains a typo preventing the automated execution of the malicious code.

The code uses the encryption key observed in previous TeamPCP actions. Assume full compromise of exposed systems and of all credentials reachable from them. Revoke or rotate those credentials, and isolate the affected systems and analyze them for malicious actions and modifications.

The two versions have been removed from PyPI, and the project has been reinstated.
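
The following Python check is an added example, not part of the advisory or of the telnyx project. It reads the installed version from package metadata without importing `telnyx`, looks for the Startup `msbuild.exe` path, and filters log lines for the host. Function names and the report layout are hypothetical, and the second affected version, which this page does not name, must be added to `KNOWN_BAD_VERSIONS`.

```python
import os
import re
from importlib import metadata
from pathlib import Path

# Indicators copied from the advisory text. Only 4.87.1 is named on this page;
# add the second affected version from the advisory's version data.
KNOWN_BAD_VERSIONS = {"4.87.1"}
C2_HOST = "83.142.209[.]203".replace("[.]", ".")  # refanged only for matching
STARTUP_REL = Path("Microsoft/Windows/Start Menu/Programs/Startup/msbuild.exe")
_C2_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?!\d)")


def installed_telnyx_version():
    """Read the version from dist-info metadata. Never `import telnyx` to
    check: the compromised releases run their code at import time."""
    try:
        return metadata.version("telnyx")
    except metadata.PackageNotFoundError:
        return None


def startup_artifact(appdata=None):
    """Return the persistence path from the advisory if the file exists."""
    appdata = appdata or os.environ.get("APPDATA")
    if not appdata:
        return None  # no Windows profile directory to inspect
    candidate = Path(appdata) / STARTUP_REL
    return candidate if candidate.is_file() else None


def lines_mentioning_c2(lines):
    """Return log lines naming the host as a whole IPv4 token, accepting
    both the plain and the defanged ([.]) spelling."""
    return [ln for ln in lines if _C2_RE.search(ln.replace("[.]", "."))]


def triage(log_lines=()):
    """Collect all three checks into one report (hypothetical layout)."""
    version = installed_telnyx_version()
    return {
        "telnyx_version": version,
        "version_known_bad": version in KNOWN_BAD_VERSIONS,
        "startup_artifact": startup_artifact(),
        "c2_log_hits": lines_mentioning_c2(log_lines),
    }


if __name__ == "__main__":
    print(triage())
```

A clean result from this check does not clear a host that ever imported a compromised release; the remediation above still applies.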

Affected packages

PyPI / telnyx

No fixed version published yet for telnyx (pip). Pin to a known-safe version or switch to an alternative.

References