Article 74F1C LiteLLM on PyPI is compromised

by corbet from LWN.net on (#74F1C)

This issue report describes a credential-stealing attack buried within LiteLLM 1.82.8 in the PyPI repository. It collects and exfiltrates a wide variety of information, including SSH keys, credentials for a number of cloud services, crypto wallets, and so on. Anybody who has installed this package has likely been compromised and needs to respond accordingly.

Update: see this futuresearch article for some more information. "The release contains a malicious .pth file (litellm_init.pth) that executes automatically on every Python process startup when litellm is installed in the environment."
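
To check a host for the .pth mechanism quoted above, the following added example (not from the article or the LiteLLM project) lists .pth files in the running interpreter's site-packages directories that contain lines Python's `site` module executes at startup, and flags the file name given in the report. The function names are this example's own.

```python
import site
from pathlib import Path

# File name taken from the report quoted above.
KNOWN_BAD = {"litellm_init.pth"}


def executable_lines(pth_file):
    """Return (line_no, text) for lines that site.py would exec() at startup."""
    hits = []
    text = pth_file.read_text(encoding="utf-8", errors="replace")
    for no, line in enumerate(text.splitlines(), 1):
        # site.py executes any .pth line starting with "import" + space or tab;
        # every other non-comment line is only treated as a path to add.
        if line.startswith(("import ", "import\t")):
            hits.append((no, line.strip()[:120]))
    return hits


def scan(directories):
    """Scan directories for .pth files; report known-bad names and exec lines."""
    findings = []
    for d in map(Path, directories):
        if not d.is_dir():
            continue
        for pth in sorted(d.glob("*.pth")):
            lines = executable_lines(pth)
            known = pth.name in KNOWN_BAD
            if known or lines:
                findings.append(
                    {"file": str(pth), "known_bad": known, "exec_lines": lines}
                )
    return findings


def default_dirs():
    """site-packages directories of the interpreter running this script."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return dirs


if __name__ == "__main__":
    for f in scan(default_dirs()):
        tag = "KNOWN-BAD" if f["known_bad"] else "review"
        print(f"[{tag}] {f['file']}")
        for no, text in f["exec_lines"]:
            print(f"    line {no}: {text}")
```

Run it with each interpreter or virtual environment in use, since each has its own site-packages. Hits tagged "review" need triage: some legitimate packages and editable installs also ship .pth files with import lines.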
