- Popular Python package LiteLLM compromised in supply chain attack
- The malicious updates (v1.82.7, v1.82.8) delivered the TeamPCP Cloud Stealer, an information-stealing malware
- The attack collected cloud credentials, Kubernetes secrets and crypto wallets; users are urged to rotate tokens and revert to a safe version.
A popular Python package called LiteLLM was compromised and used to deploy data-stealing malware on hundreds of thousands of devices.
LiteLLM is a lightweight API layer that lets users call multiple AI models (such as those from OpenAI, Anthropic, etc.) through a unified interface. The project has more than 40,000 stars and more than 30,000 commits.
According to several security researchers as well as the project’s maintainers, threat actors calling themselves TeamPCP managed to break into the LiteLLM account and push two malicious updates: LiteLLM 1.82.7 and 1.82.8.
Stealing secrets
The exact number of people who downloaded this update is unknown (and probably never will be known), but some sources claim it could be as high as 500,000.
BleepingComputer reports that the breach is a direct result of an earlier compromise of Aqua Security's Trivy vulnerability scanner, which followed similar attacks on Aqua Security Docker images and the Checkmarx KICS project.
Through the supply chain attack, TeamPCP distributed a custom data stealer called "TeamPCP Cloud Stealer" together with a persistence script. Security researchers at Endor Labs said the attack proceeds in three stages:
“Once activated, the payload executes a three-stage attack: collects credentials (SSH keys, cloud tokens, Kubernetes secrets, crypto wallets, and .env files), attempts lateral movement across Kubernetes clusters by deploying privileged pods on each node, and installs a systemd persistent backdoor that checks for additional binaries,” explains Endor Labs.
“The extracted data is encrypted and sent to a domain controlled by the attacker.”
The stealer also fingerprints the system, harvests cloud credentials for Amazon, Google and Microsoft, and extracts TLS private keys and CI/CD secrets.
If you have installed either of the poisoned versions, rotate all secrets, tokens and credentials as soon as possible and monitor outbound traffic for connections to known attacker domains. Also make sure to roll back to version 1.82.3 or 1.82.6.
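One way to check whether an environment or its dependency files reference the poisoned releases named above, as an added example written for this article rather than a tool from LiteLLM or the researchers it cites; the version numbers come from the article and the sample requirement lines are constructed:

```python
"""Detection helper for the compromised LiteLLM releases (1.82.7, 1.82.8).
Standard library only; version numbers come from the article, the sample
requirement lines are constructed."""
import re
from importlib import metadata
from typing import Optional

COMPROMISED = {"1.82.7", "1.82.8"}

# One requirements.txt / constraints line naming litellm, with optional
# extras ("litellm[proxy]") and a specifier; comments and markers are ignored.
_REQ_RE = re.compile(r"^\s*litellm(?![\w-])(\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.IGNORECASE)

def classify_version(version: str) -> str:
    """'compromised' for a poisoned release, otherwise 'not-listed'."""
    return "compromised" if version.strip() in COMPROMISED else "not-listed"

def classify_requirement(line: str) -> Optional[str]:
    """Verdict for one requirement line, or None if it is not litellm.

    An exact pin is classified by version; a range or bare name is
    'unpinned', because a fresh resolve could have selected a bad release."""
    m = _REQ_RE.match(line)
    if not m:
        return None
    pin = re.fullmatch(r"==\s*([0-9][0-9.]*)", m.group("spec").strip())
    return classify_version(pin.group(1)) if pin else "unpinned"

def scan_requirements(text: str) -> list:
    """(line, verdict) pairs for every litellm line in a requirements text."""
    out = []
    for line in text.splitlines():
        verdict = classify_requirement(line)
        if verdict is not None:
            out.append((line.strip(), verdict))
    return out

def installed_litellm_verdict() -> str:
    """Classify the litellm distribution installed in this interpreter."""
    try:
        return classify_version(metadata.version("litellm"))
    except metadata.PackageNotFoundError:
        return "not-installed"

if __name__ == "__main__":
    sample = "requests==2.32.3\nlitellm[proxy]==1.82.7  # pinned\nlitellm>=1.82\n"
    for line, verdict in scan_requirements(sample):
        print(f"{verdict:12s} {line}")
    print("installed litellm:", installed_litellm_verdict())
```

An "unpinned" verdict is a prompt to check the lock file or the installed version, since a range alone does not tell you which release was actually resolved.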