Theregister
LiteLLM Python Package Compromised in Major Supply Chain Attack by TeamPCP
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On March 24, 2026, two malicious versions of the LiteLLM Python package (1.82.7 and 1.82.8) were published on PyPI, containing credential-stealing malware. The attack, attributed to the TeamPCP threat group, exploited vulnerabilities in the CI/CD pipeline, specifically through the Trivy vulnerability scanner. The compromised versions were available for approximately two hours, potentially affecting millions of users given LiteLLM's 95 million monthly downloads. The malware is designed to harvest sensitive data such as SSH keys, cloud credentials, and Kubernetes secrets, and can establish persistence on affected systems. Security advisories have been issued, urging developers to check their installations and rotate any exposed credentials. The attack highlights the risks associated with supply chain vulnerabilities in open-source software. As of now, the malicious versions have been removed from PyPI, and the maintainers are managing the fallout.
Key Points: • Malicious LiteLLM versions 1.82.7 and 1.82.8 were published on March 24, 2026. • The attack exploited vulnerabilities in the CI/CD pipeline via the Trivy vulnerability scanner. • The malware can steal sensitive data and establish persistence, affecting millions of users.