- Popular Python package LiteLLM compromised in supply chain attack
- Malicious releases (v1.82.7, v1.82.8) bundled the TeamPCP Cloud Stealer infostealer
- Attack harvested cloud credentials, Kubernetes secrets and wallets; users are urged to rotate tokens and revert to a clean version
A hugely popular Python package called LiteLLM was compromised and used to push infostealer malware to what may be hundreds of thousands of systems.
LiteLLM is a lightweight API layer that lets users call multiple AI models (OpenAI, Anthropic and others) through one unified interface. Its repository has more than 40,000 GitHub stars and more than 30,000 commits.
According to several security researchers, as well as the project's maintainers, threat actors calling themselves TeamPCP broke into the LiteLLM account and pushed two malicious releases: LiteLLM 1.82.7 and 1.82.8.
Steal secrets
The exact number of people who downloaded the poisoned releases is unknown (and probably never will be), but some sources put it as high as 500,000.
BleepingComputer reports that the breach is a direct result of an earlier compromise of Aqua Security's Trivy vulnerability scanner, following similar attacks on Aqua Security Docker images and the Checkmarx KICS project.
Through the supply chain attack, TeamPCP distributed a custom-built infostealer called “TeamPCP Cloud Stealer”, as well as a persistence script. Security researchers at Endor Labs said the attack is divided into three stages:
“Once triggered, the payload runs a three-stage attack: it harvests credentials (SSH keys, cloud tokens, Kubernetes secrets, crypto-wallets, and .env files), attempts lateral movement across Kubernetes clusters by deploying privileged pods to each node, and installs an additional persistent Labdoraries binary.”
“Exfiltrated data is encrypted and sent to an attacker-controlled domain.”
The infostealer also runs a system check, retrieves cloud credentials for Amazon, Google, and Microsoft, and pulls TLS private keys and CI/CD secrets.
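The second stage in the Endor Labs description, privileged pods pushed to every node, leaves a distinctive trail in the Kubernetes API audit log: one identity creating pods that request node-level privilege across many nodes in a short window. The detector below is an added example written for this article, not TeamPCP's code or any vendor's rule. It reads `audit.k8s.io/v1` events (so it needs an audit policy at the `Request` or `RequestResponse` level, since it inspects `requestObject`), flags pod creates that are privileged or mount the node root via `hostPath`, and alerts when one user fans out to at least `min_nodes` nodes. The sample log lines and the service-account name are constructed for the demo.

```python
"""Detection sketch for the Kubernetes lateral-movement stage described above:
one identity creating privileged pods across many nodes.
Hypothetical example, not TeamPCP's code or any vendor's rule."""
import json
from collections import defaultdict


def is_privileged_pod(spec: dict) -> bool:
    """True if any container is privileged or a hostPath volume mounts the node's root."""
    containers = list(spec.get("containers", [])) + list(spec.get("initContainers", []))
    for c in containers:
        if (c.get("securityContext") or {}).get("privileged") is True:
            return True
    for v in spec.get("volumes", []):
        if (v.get("hostPath") or {}).get("path") == "/":
            return True
    return False


def parse_audit_lines(text: str) -> list:
    """Parse newline-delimited audit.k8s.io/v1 Event JSON, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def privileged_pod_creates(events):
    """Yield (user, node, namespace, pod) for each pod create that needs node-level privilege.
    requestObject is only present when the audit policy level is Request or RequestResponse."""
    for ev in events:
        if ev.get("verb") != "create":
            continue
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "pods" or ref.get("subresource"):
            continue
        spec = ((ev.get("requestObject") or {}).get("spec")) or {}
        if not is_privileged_pod(spec):
            continue
        yield (
            (ev.get("user") or {}).get("username", "?"),
            spec.get("nodeName"),
            ref.get("namespace"),
            ref.get("name"),
        )


def fanout_alerts(events, min_nodes: int = 3) -> dict:
    """Map each identity to the sorted nodes it targeted, keeping those at or above min_nodes."""
    nodes_by_user = defaultdict(set)
    for user, node, _ns, _pod in privileged_pod_creates(events):
        if node:
            nodes_by_user[user].add(node)
    return {u: sorted(n) for u, n in nodes_by_user.items() if len(n) >= min_nodes}


# Constructed sample events (not real logs). Only the fields the detector reads are included.
def _event(user, node, pod, privileged, ns="default"):
    container = {"name": "c", "image": "busybox"}
    if privileged:
        container["securityContext"] = {"privileged": True}
    return json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "verb": "create",
        "user": {"username": user},
        "objectRef": {"resource": "pods", "namespace": ns, "name": pod},
        "requestObject": {"spec": {"nodeName": node, "containers": [container]}},
    })


ATTACKER_SA = "system:serviceaccount:default:litellm-proxy"  # hypothetical identity
SAMPLE_AUDIT_LOG = "\n".join([
    _event(ATTACKER_SA, "node-a", "pcp-node-a", True),
    _event(ATTACKER_SA, "node-b", "pcp-node-b", True),
    _event(ATTACKER_SA, "node-c", "pcp-node-c", True),
    _event("jane", "node-a", "web-1", False),                                    # benign
    _event("system:serviceaccount:kube-system:csi-driver", "node-a", "csi-a", True),  # single node
    "not json",                                                                  # malformed line
])

if __name__ == "__main__":
    for user, nodes in fanout_alerts(parse_audit_lines(SAMPLE_AUDIT_LOG)).items():
        print(f"ALERT privileged pod fan-out by {user}: {', '.join(nodes)}")
```

The node threshold is what separates this from a CSI driver or node agent that legitimately runs privileged on one node; tune `min_nodes` to your cluster size. An attacker who instead creates a DaemonSet gets the per-node pods created by the controller manager's identity rather than its own, so watch DaemonSet creates with the same privilege check as well.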
If you have installed either poisoned version, treat every secret the affected host or CI job could read as exposed: rotate all secrets, tokens and credentials as soon as possible, monitor outbound traffic for connections to the attacker-controlled domain, and revert to a known-clean release, either 1.82.3 or 1.82.6. Because the payload also tries to spread across Kubernetes clusters, check any cluster those hosts could reach for unexpected privileged pods and the persistence binary, not just the machine that ran the install.
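Knowing whether you are affected means checking more than `pip show`: a `requirements.txt` pin, a `poetry.lock` or `uv.lock` entry, and the version actually installed in each environment can all disagree. The helper below is an added example written for this article, not a tool from the LiteLLM project or any vendor; it checks all three for the two poisoned release numbers, and the sample manifests it scans are constructed for the demo.

```python
"""Check an environment and its dependency manifests for the poisoned LiteLLM
releases. Hypothetical helper written for this article, not a tool from the
LiteLLM project or any vendor."""
from __future__ import annotations

import re
from importlib import metadata

POISONED = frozenset({"1.82.7", "1.82.8"})
CLEAN_PINS = ("1.82.3", "1.82.6")  # the releases the article says to revert to

# requirements.txt / constraints lines: "litellm==1.82.7", "litellm[proxy] == 1.82.8  # note"
_REQ_RE = re.compile(
    r"^\s*litellm(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.\-]*)", re.IGNORECASE
)
# poetry.lock / uv.lock [[package]] tables
_NAME_RE = re.compile(r'^\s*name\s*=\s*"([^"]+)"')
_VERSION_RE = re.compile(r'^\s*version\s*=\s*"([^"]+)"')


def installed_litellm_version() -> str | None:
    """Version of litellm installed in the current interpreter, or None."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


def is_poisoned(version: str | None) -> bool:
    return version is not None and version.strip() in POISONED


def find_poisoned_pins(requirements_text: str) -> list[tuple[int, str]]:
    """(line number, version) for each exact pin to a poisoned release.
    Ranges such as 'litellm>=1.82' are not flagged: a resolver could have chosen
    either release, so those need the lock file or the environment checked."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), 1):
        m = _REQ_RE.match(line)
        if m and m.group(1) in POISONED:
            hits.append((lineno, m.group(1)))
    return hits


def find_poisoned_lock_entries(lock_text: str) -> list[str]:
    """Poisoned litellm versions recorded in a poetry.lock / uv.lock style file."""
    hits = []
    current = None  # name of the [[package]] table being read
    for line in lock_text.splitlines():
        if line.strip() == "[[package]]":
            current = None
            continue
        m = _NAME_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = _VERSION_RE.match(line)
        if m and current == "litellm" and m.group(1) in POISONED:
            hits.append(m.group(1))
    return hits


def audit(installed: str | None, requirements_text: str, lock_text: str) -> dict:
    """Combine the three checks; 'compromised' is True if any of them hit."""
    report = {
        "installed": installed if is_poisoned(installed) else None,
        "requirements": find_poisoned_pins(requirements_text),
        "lock": find_poisoned_lock_entries(lock_text),
    }
    report["compromised"] = bool(report["installed"] or report["requirements"] or report["lock"])
    return report


# Constructed sample manifests (not from a real project).
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
openai>=1.0
litellm[proxy]==1.82.7   # pinned during the compromise window
requests==2.32.3
"""
SAMPLE_LOCK = """\
# constructed lock file in poetry.lock / uv.lock style
[[package]]
name = "litellm"
version = "1.82.8"

[[package]]
name = "requests"
version = "2.32.3"
"""

if __name__ == "__main__":
    result = audit(installed_litellm_version(), SAMPLE_REQUIREMENTS, SAMPLE_LOCK)
    print(result)
    if result["compromised"]:
        print("Poisoned LiteLLM present: rotate every secret this host or CI job "
              f"could read and pin litellm to one of {CLEAN_PINS}.")
```

Run it inside each virtualenv and container image that ships LiteLLM, not just on a developer laptop; a clean lock file says nothing about an image that was built while 1.82.8 was the latest release and installed it from an unpinned range.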