theanonymousone4d ago

LiteLLM Python package compromised by supply-chain attack

https://github.com/BerriAI/litellm/issues/24512

[Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 — credential stealer · Issue #24512 · BerriAI/litellm

[LITELLM TEAM] - For updates from the team, please see: #24518 [Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 PyPI package — credential stealer Summary The litellm==1.82.8 wheel...

GitHub
Show threadhiciu4d ago

Besides main issue here, and the owners account being possibly compromised as well, there's like 170+ low quality spam comments in there.

I would expect better spam detection system from GitHub. This is hardly acceptable.

Show threadorf4d ago
i'm guessing it's accounts they have compromised with the stealer.
Show threadebonnafoux4d ago

They repeat only six sentences during 100+ comments:

Worked like a charm, much appreciated.

This was the answer I was looking for.

Thanks, that helped!

Thanks for the tip!

Great explanation, thanks for sharing.

This was the answer I was looking for.

Show threaddec0dedab0de
Over the last ~15 years I have been shocked by the amount of spam on social networks that could have been caught with a Bayesian filter. Or in this case, a fairly simple regex.
Mar 24 at 2:39pmWeb
Show threadImustaskforhelp4d ago

Well, large companies/corporations don't care about Spam because they actually benefit from spam in a way as it boosts their engagement ratio

It just doesn't have to be spammed enough that advertisers leave the platform and I think that they sort of succeed in doing so.

Think about it, if Facebook shows you AI slop ragebait or any rage-inducing comment from multiple bots designed to farm attention/for malicious purposes in general, and you fall for it and show engagement to it on which it can show you ads, do you think it has incentive to take a stance against such form of spam

Show threaddec0dedab0de4d ago
Yeah, I almost included that part in my comment, but it still sucks.