A supply chain attack on PyPI compromised LiteLLM version 1.82.8, resulting in over 40,000 downloads of a malicious package capable of exfiltrating SSL/SSH keys, cloud credentials, Kubernetes configs, API keys, shell history, and crypto wallets. The attack was discovered by FutureSearch researcher Callum McMahon when his Mac ground to a halt due to a fork bomb bug in the malware itself — a flaw that inadvertently exposed the attack earlier than intended. The compromised package was quarantined within ~40 minutes of reporting. The attack was enabled by a vulnerability in Trivy that gave attackers access to LiteLLM's publishing pipeline. Two tools have since been released to help developers assess impact: FutureSearch's litellm-checker and Point Wild's open-source who-touched-my-packages (wtmp) scanner.
Sort: