{"id":"PYSEC-2026-3","summary":"Two telnyx versions published containing credential harvesting malware","details":"After an API token exposure from an exploited Trivy dependency,\ntwo new releases of `telnyx` were uploaded to PyPI containing automatically activated malware,\nharvesting sensitive credentials and files, and exfiltrating them to a remote API.\n\nCompromised versions execute code when the `telnyx` module is imported, through modifications in `_client.py`.\n\nThe code downloads the next stages from endpoints on the host 83.142.209[.]203, encoded in WAV files.\nOn Windows hosts, the malicious executable is placed in\n`%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\msbuild.exe`\nfor persistence and executed.\nOn other systems, the payload is a Python script.\nAfter it executes, the generated artifacts are exfiltrated to 83.142.209[.]203.\n\nVersion 4.87.1 contains a typo preventing the automated execution of the malicious code.\n\nThe code uses the encryption key observed in previous TeamPCP actions.\nThe full compromise of exposed systems and all credentials reachable from them should be assumed.\nThe credentials should be revoked/rotated, and the affected systems isolated\nand analyzed for malicious actions and modifications.\n\nThe two versions have been removed from PyPI, and the project has been reinstated.\n","modified":"2026-04-07T07:45:08.274809Z","published":"2026-03-27T17:06:59.236359Z","references":[{"type":"EVIDENCE","url":"https://inspector.pypi.io/project/telnyx/4.87.2/packages/3c/89/bff9e644b1076b96ba1e23deb2b7acffa9fe84166219ba9cb47cf356b7ec/telnyx-4.87.2.tar.gz/telnyx-4.87.2/src/telnyx/_client.py#line.7825"},{"type":"REPORT","url":"https://github.com/team-telnyx/telnyx-python/issues/235"},{"type":"ARTICLE","url":"https://www.endorlabs.com/learn/teampcp-strikes-again-telnyx-compromised-three-days-after-litellm"},{"type":"ARTICLE","url":"https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm"}],"affected":[{"package":{"name":"telnyx","ecosystem":"PyPI","purl":"pkg:pypi/telnyx"},"versions":["4.87.1","4.87.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/telnyx/PYSEC-2026-3.yaml"}}],"schema_version":"1.7.5","credits":[{"name":"Caleb Brown (Google Open Source Security Team)","type":"REPORTER"},{"name":"Henrik Plate (Endor Labs)","type":"REPORTER"},{"name":"Mike Fiedler","type":"COORDINATOR"},{"name":"Kamil Mańkowski","type":"ANALYST"}]}