Summary
TeamPCP compromised the litellm Python library to distribute malicious versions (1.82.7 and 1.82.8) that harvest cloud credentials, SSH keys, and Kubernetes secrets. The attack uses a persistent backdoor and lateral movement toolkit to compromise entire clusters and steals data to attacker-controlled infrastructure.
Take Action:
If you use litellm in any project, check immediately whether you have version 1.82.7 or 1.82.8 installed. If so, isolate the affected systems, revert to a clean version, and rotate every credential on those machines (SSH keys, cloud tokens, API keys, database passwords, crypto wallets, all of it). Because this attack can spread through other tools that depend on litellm, also audit your broader Python environments and CI/CD pipelines for these versions, remove any persistence files (sysmon.py, sysmon.service), and check Kubernetes clusters for unauthorized pods.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)