After an API token was exposed through an exploited Trivy dependency,
two new releases of telnyx were uploaded to PyPI containing malware that activates automatically,
harvests sensitive credentials and files, and exfiltrates them to a remote API.
The compromised versions execute code when the telnyx module is imported, via modifications to _client.py.
The code downloads the next stages, encoded in WAV files, from endpoints on the host 83.142.209[.]203.
On Windows hosts, the malicious executable is placed in
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\msbuild.exe
for persistence and executed.
On other systems, the payload is a Python script.
After it runs, the generated artifacts are exfiltrated to 83.142.209[.]203.
Version 4.87.1 contains a typo that prevents the malicious code from executing automatically.
The code uses the encryption key observed in previous TeamPCP actions.
Full compromise of exposed systems, and of all credentials reachable from them, should be assumed.
Those credentials should be revoked or rotated, and the affected systems isolated and analyzed for malicious actions and modifications.
The two versions have been removed from PyPI, and the project has been reinstated.
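As an added triage example (not part of this advisory, and not code from the telnyx project), the Python script below checks an installed telnyx distribution against the version named above, scans its _client.py for the indicators the advisory lists (the remote host, WAV-encoded stages, the Startup persistence path and msbuild.exe) without importing the module, and looks for the msbuild.exe Startup artifact. The function names are mine; the second compromised version is not named in the advisory and is left as a placeholder.

```python
import importlib.metadata
import os
import re
from pathlib import Path
from typing import Optional

# Indicators taken from the advisory. 4.87.1 is the only compromised version it
# names; the other is left as an obvious placeholder rather than guessed.
COMPROMISED_VERSIONS = {"4.87.1", "<second-compromised-version>"}
INDICATORS = {
    "c2_host": re.compile(r"83\.142\.209\.203"),
    "wav_stage": re.compile(r"\.wav\b", re.IGNORECASE),
    "startup_persistence": re.compile(r"Start Menu\\+Programs\\+Startup", re.IGNORECASE),
    "msbuild_dropper": re.compile(r"msbuild\.exe", re.IGNORECASE),
}

def scan_client_source(source: str) -> list[str]:
    """Names of advisory indicators present in the text of _client.py."""
    return [name for name, rx in INDICATORS.items() if rx.search(source)]

def installed_telnyx_version() -> Optional[str]:
    try:
        return importlib.metadata.version("telnyx")
    except importlib.metadata.PackageNotFoundError:
        return None

def startup_artifact(appdata) -> Optional[Path]:
    """Path of the msbuild.exe Startup entry if it exists under APPDATA."""
    candidate = Path(appdata, "Microsoft", "Windows", "Start Menu",
                     "Programs", "Startup", "msbuild.exe")
    return candidate if candidate.is_file() else None

def triage(appdata: Optional[str] = None) -> dict:
    version = installed_telnyx_version()
    report = {"version": version, "version_listed": version in COMPROMISED_VERSIONS,
              "client_indicators": [], "startup_artifact": None}
    if version is not None:
        # Read _client.py via the distribution's file list. Never `import telnyx`
        # here: the advisory says the import itself is what triggers the payload.
        for entry in importlib.metadata.distribution("telnyx").files or []:
            if entry.name == "_client.py":
                text = Path(entry.locate()).read_text(errors="replace")
                report["client_indicators"] += scan_client_source(text)
    appdata = appdata if appdata is not None else os.environ.get("APPDATA")
    if appdata:
        report["startup_artifact"] = startup_artifact(appdata)
    return report
if __name__ == "__main__":
    print(triage())
```

Indicator hits are triage leads, not proof of compromise on their own; a clean _client.py should match none of them, while any hit on a listed version warrants treating the host as compromised as the advisory describes.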