Reddit
LiteLLM PyPI Supply Chain Attack — TeamPCP Compromises 3.4M-Downloads/Day Package Via Trivy CI/CD Chain
LiteLLM versions 1.82.7 and 1.82.8 on PyPI were compromised by threat actor TeamPCP, who obtained maintainer credentials through a prior compromise of Aqua Security's Trivy vulnerability scanner. The malicious .pth file executes on every Python startup, harvesting SSH keys, cloud credentials (GCP/AWS/Azure), Kubernetes configs, and API keys — then attempts lateral movement across K8s clusters. The package sees 3.4 million downloads per day; malicious versions were live approximately 3 hours before PyPI quarantined them.
↳ Follow the thread