LiteLLM Python package compromised by supply-chain attack
![[Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 — credential stealer · Issue #24512 · BerriAI/litellm](https://pub-90f0ac00d93c47daac3e1d2cdd28d496.r2.dev/articles/51d46f16909604153de11fd523630f79.webp)
github.com
March 24, 2026
3 min read
🔥🔥🔥🔥🔥
72/100
Summary
The litellm 1.82.8 package on PyPI contains a malicious litellm_init.pth file that executes a credential-stealing script upon starting the Python interpreter. Users are advised to avoid this version to prevent credential theft.
Key Takeaways
- The litellm==1.82.8 PyPI package contains a malicious .pth file that executes a credential-stealing script upon Python interpreter startup without requiring an import statement.
- The malicious script collects sensitive information from the host system, including API keys, SSH keys, Git credentials, and various cloud provider credentials.
- Collected data is encrypted and exfiltrated to the domain models.litellm.cloud using a POST request.
- The attack exploits the automatic execution of .pth files in Python's site-packages directory, making it stealthy and difficult to detect.
Community Sentiment
Positives
- The LiteLLM team is actively investigating the supply-chain attack, indicating a commitment to transparency and improvement in their security practices.
- The quarantine of the compromised package on PyPI demonstrates proactive measures to protect users from potential threats.
Concerns
- The reliance on dependencies and development setups raises significant trust issues, highlighting the need for better isolation and security in AI development environments.
- Concerns about training data integrity suggest that compromised code could inadvertently influence AI models, leading to potential security vulnerabilities in their outputs.
