PyPI, Supply Chain Attack, CVE-2026-1234 (Critical)

Listen to this Post

The attack leverages compromised PyPI credentials to upload malicious package versions directly, bypassing the legitimate GitHub release pipeline. The root cause is the exposure of the PyPI API token, allowing the attacker to publish unauthorized versions. The malware is embedded in `telnyx/_client.py` with 74 additional lines of code. Upon import telnyx, the malicious code executes. On Linux/macOS, it spawns a detached subprocess that downloads a steganographic payload from a C2 server hidden inside a WAV file. This payload harvests credentials including SSH keys, cloud provider tokens, Kubernetes secrets, and crypto wallets. It then uses AES-256-CBC with RSA-4096 encryption for exfiltration. On Windows, a binary is downloaded from a different WAV endpoint and dropped as `msbuild.exe` in the Startup folder for persistence. The attacker first published a broken version (4.87.1) with a casing error (Setup() instead of setup()), then published a functional version (4.87.2) 16 minutes later. Both versions were available on PyPI for approximately 6 hours before being quarantined.

dailycve form:

Platform: PyPI
Version: 4.87.1, 4.87.2
Vulnerability: Credential-stealing malware
Severity: Critical
date: 2026-03-27

Prediction: Patch available (4.87.0)

Analytics under What Undercode Say:

Check installed version
pip show telnyx | grep Version
Check pip cache
pip cache list telnyx 2>/dev/null
Check installation timestamp
ls -la $(python -c "import site; print(site.getsitepackages()[bash])")/telnyx 2>/dev/null
Verify safe hash
echo "5aeb8172c29ade224e6c2d166713f304596aa21e3dbfa5b6b2b028e6997f6bd2 telnyx-4.87.0-py3-none-any.whl" | sha256sum -c

Exploit:

The exploit is initiated when a user runs `pip install telnyx` without pinning a version, pulling version 4.87.2. Upon import, the code in `_client.py` executes. It checks the OS and proceeds with the respective payload download and execution chain. On Linux, it establishes persistence via a systemd user service (audiomon.service) and downloads the steganographic payload from `http://83.142.209.203:8080/ringtone.wav`. On Windows, it downloads a binary from `http://83.142.209.203:8080/hangup.wav` and writes it to the Startup folder.

Protection from this CVE

Pin dependencies to a safe version: telnyx==4.87.0. Use a dependency lockfile (e.g., `requirements.txt` with hashes) and verify package hashes upon installation. Implement a software supply chain firewall or internal PyPI proxy to block malicious versions. Regularly audit PyPI API tokens and rotate them immediately if compromised. Monitor for the IoCs, such as the C2 IP `83.142.209.203` and filesystem artifacts like `~/.config/audiomon/` or `msbuild.exe` in the Startup folder.

Impact:

Successful exploitation results in a complete compromise of developer workstations and CI/CD environments. Attackers can steal all credentials, including SSH keys, cloud provider tokens (AWS, GCP, Azure), Kubernetes tokens, database passwords, and API keys. The malware can laterally move within Kubernetes clusters by deploying privileged pods, potentially compromising the entire infrastructure. All data accessible from the infected environment is at risk of exfiltration and further exploitation.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top