PSA: litellm 1.82.7 + 1.82.8 on PyPI are MALICIOUS.

Chained attack: Trivy (security scanner) compromised → litellm CI secrets stolen → PyPI account hijacked → poisoned packages published.

Malware harvests SSH keys, cloud creds, .env files, K8s configs, crypto wallets. Exfiltrated to a domain registered hours before.

If affected: uninstall, purge caches, ROTATE ALL CREDS, audit K8s, check CI/CD.
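A quick way to tell whether you are affected, as an added example that is not code from Sanctum Labs or the litellm project: the script below reports the litellm version installed in the current interpreter and flags requirements/`pip freeze` style files that pin either of the two versions named above. It assumes only 1.82.7 and 1.82.8 need flagging; the sample requirements text is constructed for the example.

```python
"""Check for the malicious litellm releases (1.82.7, 1.82.8) in the current
environment and in requirements-style dependency files.

Added example for this PSA, not Sanctum Labs' or litellm's own code.
Assumption: the two versions named in the PSA are the only ones to flag.
"""
import re
from importlib import metadata

MALICIOUS_LITELLM_VERSIONS = {"1.82.7", "1.82.8"}

# Pinned requirement lines, e.g. "litellm==1.82.7" or "litellm[proxy] == 1.82.8"
_PIN_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*==\s*"
    r"(?P<version>[0-9][0-9A-Za-z.+!-]*)"
)


def normalize(name: str) -> str:
    """PEP 503 name normalization: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def pinned_version(line: str):
    """Return (normalized_name, version) for an '==' pin, else None.
    Trailing comments and line-continuation backslashes are stripped first."""
    line = line.split("#", 1)[0].rstrip().rstrip("\\").strip()
    m = _PIN_RE.match(line)
    if not m:
        return None
    return normalize(m.group("name")), m.group("version")


def scan_requirements(text: str) -> list:
    """Return [(line_number, version)] for every malicious litellm pin in text.
    Unpinned or range specifiers are not flagged: resolve them and re-check."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = pinned_version(line)
        if parsed and parsed[0] == "litellm" and parsed[1] in MALICIOUS_LITELLM_VERSIONS:
            hits.append((lineno, parsed[1]))
    return hits


def installed_litellm_status() -> str:
    """'absent', 'malicious:<ver>' or 'ok:<ver>' for the running interpreter."""
    try:
        ver = metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return "absent"
    return ("malicious:" if ver in MALICIOUS_LITELLM_VERSIONS else "ok:") + ver


# Constructed sample requirements.txt content for demonstration only.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
fastapi==0.115.0
litellm[proxy]==1.82.7  # pinned before the advisory
LiteLLM == 1.82.8
litellm>=1.80  # unpinned: resolve and re-check
"""

if __name__ == "__main__":
    print("installed:", installed_litellm_status())
    for lineno, ver in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"sample requirements line {lineno}: malicious pin litellm=={ver}")
```

Run it inside each virtualenv and CI image you deploy; a `malicious:` result or any flagged pin means the remediation steps above apply to that environment.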

#InfoSec #SupplyChain #Python #GlassWorm #OpenSource #CyberSecurity

Our full analysis — attack chain, malware breakdown, and enhanced remediation steps:

https://sanctumlabs.co/blog/litellm-supply-chain-attack

GitHub timeline: https://github.com/BerriAI/litellm/issues/24518
Trivy campaign: https://ramimac.me/teampcp/

Anatomy of a Supply Chain Attack: How a Security Scanner Became the Entry Point

Malicious litellm versions were published to PyPI via a compromised Trivy scanner. We analyze the full attack chain, the malware, and provide critical remediation steps.

Sanctum Labs Inc.