LiteLLM PyPI has been compromised an hour ago, do not update
7 hours ago
- #python
- #security
- #malware
- litellm version 1.82.8 and 1.82.7 are compromised with a malicious .pth file.
- The malware collects sensitive files (SSH keys, cloud credentials, etc.), exfiltrates data, and attempts lateral movement.
- Affected users should check for the compromised version, remove it, purge caches, and rotate all credentials.
- The malware also attempts persistence via systemd and Kubernetes, creating backdoors in affected systems.
- The issue has been reported to PyPI and the litellm maintainers, with community tracking on GitHub.