A critical security vulnerability was discovered in litellm version 1.82.8 on PyPI. The wheel package contains a malicious .pth file (litellm_init.pth) that automatically executes a credential-stealing script every time Python starts — no import required. The payload is double base64-encoded and performs extensive data collection including environment variables, SSH keys, AWS/GCP/Azure credentials, Kubernetes configs, Docker configs, shell history, crypto wallets, and CI/CD secrets. Collected data is AES-256 encrypted, RSA-wrapped, and exfiltrated to an attacker-controlled domain (models.litellm.cloud). Anyone who installed this version should immediately rotate all credentials and check for the malicious .pth file in their site-packages directory.
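The check recommended above can be scripted. The following is an added example, not code from the advisory or from the litellm project: it lists `.pth` files in the interpreter's site-packages directories and reports the lines that Python's `site` module would execute at startup (lines beginning with `import` followed by a space or tab). The token list used to rank findings is an assumption chosen for this example; only the filename `litellm_init.pth` comes from the advisory.

```python
import site
import sysconfig
from pathlib import Path

KNOWN_BAD = {"litellm_init.pth"}  # filename named in the advisory
# Assumption: tokens that make an executable .pth line worth urgent review.
SUSPICIOUS = ("base64", "exec(", "eval(", "subprocess", "urllib", "socket")

def executable_lines(text):
    """Lines site.py passes to exec(): those starting with 'import' + space/tab."""
    return [ln for ln in text.splitlines()
            if ln.startswith(("import ", "import\t"))]

def classify(name, text):
    """Return a list of findings for one .pth file (empty list = path-only file)."""
    findings = []
    if name in KNOWN_BAD:
        findings.append("known-bad filename")
    for ln in executable_lines(text):
        lowered = ln.lower()
        if any(tok in lowered for tok in SUSPICIOUS):
            findings.append("suspicious exec line: " + ln[:80])
        else:
            findings.append("exec line (review): " + ln[:80])
    return findings

def site_dirs():
    """Site-packages directories of the interpreter running this script."""
    dirs = {sysconfig.get_paths()["purelib"], sysconfig.get_paths()["platlib"]}
    if hasattr(site, "getsitepackages"):
        dirs.update(site.getsitepackages())
    if hasattr(site, "getusersitepackages"):
        dirs.add(site.getusersitepackages())
    return [Path(d) for d in dirs if Path(d).is_dir()]

def scan(dirs):
    """Map each .pth file that has findings to its list of findings."""
    report = {}
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            found = classify(pth.name, pth.read_text(encoding="utf-8", errors="replace"))
            if found:
                report[str(pth)] = found
    return report

if __name__ == "__main__":
    for path, found in scan(site_dirs()).items():
        print(path)
        for item in found:
            print("   ", item)
```

Run it with each interpreter or virtual environment that may have installed the package. Some legitimate packages also ship `.pth` files containing `import` lines, so "review" findings need a manual look rather than automatic deletion.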