TeamPCP compromised the widely used LiteLLM Python package on PyPI, publishing malicious 1.82.7 and 1.82.8 releases that install an infostealer and persistence mechanisms. The campaign, linked to the Trivy supply‑chain breach, reportedly exfiltrated data from roughly 500,000 devices and requires immediate secret rotation, artifact hunting, and Kubernetes inspection. #TeamPCP #LiteLLM
Keypoints
- TeamPCP published malicious LiteLLM versions 1.82.7 and 1.82.8 to PyPI.
- Malicious code executes on import and 1.82.8 installs a .pth file to run on every Python startup.
- The payload harvests SSH keys, cloud credentials, Kubernetes tokens, TLS keys, wallets, and .env files.
- Exfiltrated data is encrypted and sent to attacker infrastructure at models.litellm[.]cloud using TeamPCP Cloud Stealer techniques.
- Remove affected versions, rotate all exposed credentials, search for persistence artifacts, inspect Kubernetes clusters, and use 1.82.6 as the clean release.