Supply chain attack hits widely-used AI package, risks impacting thousands of companies

LiteLLM, an open-source Python package, was compromised in a supply-chain attack when malicious versions 1.82.7 and 1.82.8 were published to PyPI and contained code to exfiltrate cloud credentials, API keys, and cryptocurrency wallets while installing a persistent downloader. Researchers link the campaign to a group claiming to be TeamPCP and warn that the widespread use of LiteLLM could expose thousands of cloud environments, so exposed credentials should be treated as compromised.

Key points

  • Compromised LiteLLM versions 1.82.7 and 1.82.8 were briefly published on the Python Package Index.
  • The malicious packages exfiltrated cloud credentials, API keys, and cryptocurrency wallets and installed a persistent downloader.
  • Sonatype reported the packages were available for at least two hours, and Wiz estimates LiteLLM is present in roughly 36% of cloud environments.
  • Researchers believe a maintainer account was likely compromised since the uploads used valid publishing access.
  • The campaign is associated with a group calling itself TeamPCP, which uses Telegram to publicize and monetize stolen credentials.
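
To check whether a project or environment picked up either release, the added example below (not part of the original article or the LiteLLM project) scans pinned dependency files and the current environment for versions 1.82.7 and 1.82.8. The sample file contents and the `examplepkg` and `litellm-helper` names are constructed for illustration, and the lock-file pattern assumes the `name = "..."` / `version = "..."` layout used by poetry.lock and uv.lock.

```python
import re
from importlib import metadata

PACKAGE = "litellm"
COMPROMISED = {"1.82.7", "1.82.8"}  # versions named in the article

# requirements.txt / pip freeze: name, optional [extras], then == pin
REQ_RE = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*===?\s*([A-Za-z0-9.!+*]+)")
# lock files (assumed layout): name = "..." on one line, version = "..." on the next
LOCK_RE = re.compile(r'^name\s*=\s*"([^"]+)"\s*\nversion\s*=\s*"([^"]+)"', re.M)

SAMPLE_REQS = """\
# constructed sample, not from a real project
examplepkg==2.0.0
LiteLLM[proxy]==1.82.8 ; python_version >= "3.9"
litellm==1.82.70
litellm-helper==1.82.7
"""
SAMPLE_LOCK = '[[package]]\nname = "litellm"\nversion = "1.82.7"\n'  # constructed

def normalize(name):
    """PEP 503 normalization so LiteLLM and litellm compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (line_number, version) for each pin of a compromised release."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQ_RE.match(line.split("#", 1)[0])  # ignore comments
        if m and normalize(m.group(1)) == PACKAGE and m.group(2) in COMPROMISED:
            hits.append((n, m.group(2)))
    return hits

def scan_lock(text):
    """Return compromised versions recorded in a lock file."""
    return [v for name, v in LOCK_RE.findall(text)
            if normalize(name) == PACKAGE and v in COMPROMISED]

def installed_version():
    """Version of litellm in the current environment, or None if absent."""
    try:
        return metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None

if __name__ == "__main__":
    print("requirements hits:", scan_requirements(SAMPLE_REQS))
    print("lock file hits:", scan_lock(SAMPLE_LOCK))
    print("installed version compromised:", installed_version() in COMPROMISED)
```

The file scan only sees exact pins: an unpinned or ranged requirement such as `litellm>=1.80` could still have resolved to an affected release during the window it was available, so check the installed version in each environment and image as well.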

Read More: https://therecord.media/supply-chain-attack-hits-widely-used-ai-package