
Popular LiteLLM PyPI Package Backdoored To Steal Credentials, Auth Tokens


joshuark shares a report from BleepingComputer: The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular “LiteLLM” Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. LiteLLM is an open-source Python library that serves as a gateway to multiple large language model (LLM) providers via a single API. The package is very popular, with over 3.4 million downloads a day and over 95 million in the past month. According to research by Endor Labs, threat actors compromised the project and published malicious versions of LiteLLM 1.82.7 and 1.82.8 to PyPI today that deploy an infostealer that harvests a wide range of sensitive data.

[…] Both malicious LiteLLM versions have been removed from PyPI, with version 1.82.6 now the latest clean release. […] If compromise is suspected, all credentials on affected systems should be treated as exposed and rotated immediately. […] Organizations that use LiteLLM are strongly advised to immediately:

– Check for installations of versions 1.82.7 or 1.82.8
– Immediately rotate all secrets, tokens, and credentials used on or found within code on impacted devices
– Search for persistence artifacts such as ‘~/.config/sysmon/sysmon.py’ and related systemd services
– Inspect systems for suspicious files like ‘/tmp/pglog’ and ‘/tmp/.pg_state’
– Review Kubernetes clusters for unauthorized pods in the ‘kube-system’ namespace
– Monitor outbound traffic to known attacker domains
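The first four steps above can be scripted for a host triage sweep. The following is an added example, not code from the article, BleepingComputer, Endor Labs or the LiteLLM project; the version numbers and artifact paths are the ones quoted in the report, while the `root` and `exists` parameters (for scanning a mounted image or for testing) are this script's own assumptions.

```python
"""Triage helper for the LiteLLM 1.82.7 / 1.82.8 compromise (added example).

Checks the installed litellm version against the two malicious releases and
looks for the persistence and staging artifacts the report names.
"""
import os
from importlib import metadata
from typing import Callable, List, Optional

# Releases the report identifies as backdoored (from the article).
COMPROMISED_VERSIONS = {"1.82.7", "1.82.8"}

# Persistence script and staging files named in the report.
ARTIFACT_PATHS = [
    "~/.config/sysmon/sysmon.py",
    "/tmp/pglog",
    "/tmp/.pg_state",
]


def is_compromised_version(version: str) -> bool:
    """True if a litellm version string matches a known-malicious release."""
    return version.strip() in COMPROMISED_VERSIONS


def installed_litellm_version() -> Optional[str]:
    """Return the installed litellm version, or None if it is not installed."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


def find_artifacts(root: str = "/", home: Optional[str] = None,
                   exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return the artifact paths that exist, in ARTIFACT_PATHS order.

    root (assumption) lets the same check run over a mounted filesystem image;
    exists (assumption) is injectable so the logic can be tested offline.
    """
    home = home or os.path.expanduser("~")
    found = []
    for p in ARTIFACT_PATHS:
        full = home + p[1:] if p.startswith("~") else p  # expand '~' manually
        full = os.path.join(root, full.lstrip("/"))      # re-root the path
        if exists(full):
            found.append(full)
    return found


if __name__ == "__main__":
    ver = installed_litellm_version()
    print(f"litellm installed: {ver}")
    if ver and is_compromised_version(ver):
        print("ALERT: malicious litellm version present; rotate all credentials")
    for hit in find_artifacts():
        print(f"ALERT: persistence/staging artifact found: {hit}")
```

A hit on either check means every credential that was reachable from that host should be treated as exposed, per the report's guidance; the kube-system pod review and outbound-traffic monitoring still need cluster and network tooling.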

