|
|
Log in / Subscribe / Register

LiteLLM on PyPI is compromised

[Posted March 24, 2026 by corbet]

This issue report describes a credential-stealing attack buried within LiteLLM 1.82.8 in the PyPI repository. It collects and exfiltrates a wide variety of information, including SSH keys, credentials for a number of cloud services, crypto wallets, and so on. Anybody who has installed this package has likely been compromised and needs to respond accordingly.

Update: see this futuresearch article for some more information. "The release contains a malicious .pth file (litellm_init.pth) that executes automatically on every Python process startup when litellm is installed in the environment."

to post comments

HN discussion

Posted Mar 24, 2026 15:32 UTC (Tue) by fdekerm (subscriber, #178274) [Link]

For those interested, here is the related Hacker News discussion

another creative way to steal

Posted Mar 24, 2026 15:33 UTC (Tue) by vuji (guest, #182841) [Link]

wow! persons are discovering new ways and methods to steal information. due to open nature/source at least many persons immediately know the issue and take precautions as soon as possible.

Countermeasures?

Posted Mar 25, 2026 10:15 UTC (Wed) by grothesque (guest, #130832) [Link]

I try to limit my exposure to supply chain attacks by relying on Debian stable for most of my software needs. But sometimes there is no practical alternative to using third-party software repositories like PyPI or cargo for some specific software.

I install and run such software using bubblewrap [1] sandboxes. Using some custom scripts this approach can be made quite convenient in practice.

I wonder what other measures people find to be useful.

[1] https://lwn.net/Articles/686113/


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds