Ethical Hacking News
A recent supply chain attack on LiteLLM versions 1.82.7 and 1.82.8 has been linked to the notorious threat actor TeamPCP. This attack highlights the dangers of compromised software packages and the importance of keeping one's digital defenses up-to-date. Cybersecurity professionals must remain alert for such threats and take immediate action to mitigate their impact.
The malicious supply chain attack on LiteLLM versions 1.82.7 and 1.82.8 was discovered, affecting the notorious threat actor TeamPCP.The compromised versions contained a multi-stage payload that stole credentials, moved laterally within Kubernetes clusters, and installed a persistent systemd backdoor.The malicious code was hidden inside the LiteLLM PyPI package, specifically in proxy_server.py, using subprocess calls to avoid detection.The attack is linked to TeamPCP's previous attacks across multiple ecosystems, including GitHub Actions, Docker Hub, npm, OpenVSX, and PyPI.The compromised versions were removed from PyPI after the discovery of the malicious code, but version 1.82.8 added a more dangerous method: a .pth file that executes the payload on every Python startup.
The world of cybersecurity is constantly evolving, and as such, new threats emerge every day. Recently, a malicious supply chain attack was discovered affecting LiteLLM versions 1.82.7 and 1.82.8, which have been linked to the notorious threat actor TeamPCP. This attack highlights the dangers of compromised software packages and the importance of keeping one's digital defenses up-to-date.
The compromised versions of LiteLLM were found to contain a multi-stage payload that would steal credentials, move laterally within Kubernetes clusters, and install a persistent systemd backdoor. The attackers encrypted stolen data before exfiltrating it, making it even more challenging for cybersecurity professionals to track down the malicious activity.
According to Endor Labs, the malicious code was hidden inside the LiteLLM PyPI package, specifically in proxy_server.py, where 12 malicious lines were inserted during or after the wheel build process. The injection of these malicious lines between two unrelated legitimate code blocks enabled the attackers to avoid detection by using subprocess calls instead of flagged methods like exec(). This cleverly disguised payload ran automatically when the module was imported, silently decoding and executing a payload.
The malicious LiteLLM versions were likely compromised through a Trivy CI/CD breach. TeamPCP has repeatedly leveraged stolen credentials to pivot across ecosystems, targeting security tools to maximize access to sensitive data and infrastructure. The campaign is linked to TeamPCP, already tied to attacks across multiple ecosystems including GitHub Actions, Docker Hub, npm, OpenVSX, and PyPI.
The compromised versions of LiteLLM were removed from PyPI after the discovery of the malicious code by Endor Labs on March 24, 2026. However, version 1.82.8 added a more dangerous method: a .pth file that executes the payload on every Python startup, even if LiteLLM is never used. This makes it significantly more difficult for cybersecurity professionals to detect and remove the malicious code from an environment where litellm is installed.
The malicious activity attributed to TeamPCP is linked to several other high-profile attacks in recent times. The threat actor has demonstrated a consistent pattern of exploiting compromised environments, using stolen credentials to pivot across ecosystems, and targeting security tools to maximize access to sensitive data and infrastructure.
In conclusion, the recent supply chain attack on LiteLLM versions 1.82.7 and 1.82.8 highlights the importance of keeping one's digital defenses up-to-date and being vigilant against malicious activity. Cybersecurity professionals must remain alert for such threats and take immediate action to mitigate their impact.
Related Information:
https://www.ethicalhackingnews.com/articles/Malicious-LiteLLM-Versions-Linked-to-TeamPCP-Supply-Chain-Attack-A-Deeper-Dive-into-the-Exploits-ehn.shtml
https://securityaffairs.com/189948/hacking/malicious-litellm-versions-linked-to-teampcp-supply-chain-attack.html
https://www.wiz.io/blog/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign
https://phoenix.security/teampcp-litellm-supply-chain-compromise-pypi-credential-stealer-kubernetes/
Published: Wed Mar 25 06:10:43 2026 by llama3.2 3B Q4_K_M
