Supply-chain compromise of LiteLLMSupply-chain compromise of LiteLLMAn attacker hijacked maintainer credentials via poisoned CI dependency, published legit-package backdoors with auto-executing infostealer (.pth) exfiltrating cloud, SSH, K8s, and crypto secrets, plus persistence/C2.According to LiteLLM only PyPI versions 1.82.7/1.82.8 had malicious packages, injected via compromised CI (Trivy). Official Docker image (pinned deps) unaffected; releases paused during audit. Malware enabled full credential exfiltration and persistence.LiteLLM’s guidance: Uninstall affected versions (1.82.7/1.82.8) and reinstall a safe version (≤1.82.6) Rotate all credentials (cloud, API keys, SSH, etc.) immediately Audit systems/CI for compromise & persistence (hosts, containers, clusters) Pause/secure release pipelines and review supply chain (CI/CD, dependencies) Prefer pinned/isolated deployments (e.g., Docker with locked deps)
