theanonymousone4d ago

LiteLLM Python package compromised by supply-chain attack

https://github.com/BerriAI/litellm/issues/24512

[Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 — credential stealer · Issue #24512 · BerriAI/litellm

[LITELLM TEAM] - For updates from the team, please see: #24518 [Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 PyPI package — credential stealer Summary The litellm==1.82.8 wheel...

GitHub
Show threadintothemild4d ago

I just installed Harbor, and it instantly pegged my cpu.. i was lucky to see my processes before the system hard locked.

Basically it forkbombed `grep -r rpcuser\rpcpassword` processes trying to find cryptowallets or something. I saw that they spawned from harness, and killed it.

Got lucky, no backdoor installed here from what i could make out of the binary

Show threadhmokiguess4d ago
What is Harness?
Show threadintothemild
Sorry i mean Harbor.. was running terminal bench
Mar 24 at 2:18pmWeb