Message-ID: <15ab167a-f15b-4747-bb40-5427c3b48402@oracle.com>
Date: Tue, 24 Mar 2026 14:53:39 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: litellm pypi packages compromised, infostealer added

On 3/23/26 07:31, Jeremy Utiera wrote:
> Of note, this attack is still on-going and the extent of Trivy's
> compromise seems to be growing.

And it appears they were able to leverage the Trivy compromise to
compromise other packages as well.

https://github.com/BerriAI/litellm/issues/24512 and
https://github.com/BerriAI/litellm/issues/24518
report that litellm PyPI packages v1.82.7 + v1.82.8 were compromised:

    The litellm==1.82.8 wheel package on PyPI contains a malicious .pth file
    (litellm_init.pth, 34,628 bytes) that automatically executes a credential-
    stealing script every time the Python interpreter starts — no import litellm
    required.

    Anyone who installed litellm==1.82.8 via pip has had all environment
    variables, SSH keys, cloud credentials, and other secrets collected
    and sent to an attacker-controlled server.

-- 
         -Alan Coopersmith-                 alan.coopersmith@...cle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris
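The mechanism the quoted issue describes relies on a documented CPython behaviour: when `site.py` processes a `.pth` file in site-packages at interpreter start, any line beginning with `import ` (or `import` followed by a tab) is passed to `exec()`; every other non-comment line is treated as a path entry. A defender can therefore audit a host by listing the `.pth` lines that would be executed and by checking whether a version named as compromised is installed. The script below is an added example, not code from the thread, from Alan Coopersmith, or from the litellm project; the `KNOWN_BENIGN` allowlist, the 1 KiB size threshold and the `AFFECTED` table (populated only with the two versions named above) are assumptions to tune for your own environment.

```python
"""Audit .pth files for startup-executed code and check for compromised package versions."""
import site
import sys
from importlib.metadata import PackageNotFoundError, version
from pathlib import Path

# site.addpackage() exec()s a .pth line only when it starts with exactly one of
# these prefixes; a line with leading whitespace is a path entry, not code.
EXEC_PREFIXES = ("import ", "import\t")

# Assumed allowlist: exec lines that packaging tools legitimately place in .pth
# files. Anything not matching is reported for human review.
KNOWN_BENIGN = {
    "import sys; sys.__plen = len(sys.path)",
    "import sys; new = sys.path[sys.__plen:]; del sys.path[sys.__plen:]; p = getattr(sys, '__egginsert', 0); sys.path[p:p] = new; sys.__egginsert = p + len(new)",
    "import _virtualenv",
    "import _distutils_hack",
}

# Versions reported as compromised in this thread (exact-match check, an assumption).
AFFECTED = {"litellm": {"1.82.7", "1.82.8"}}

# Constructed sample: a benign path line plus a startup exec line (not the real payload).
SAMPLE_PTH = "/opt/example/lib\nimport os, base64; os.environ.get('HOME')\n# comment\n"


def executable_lines(pth_text):
    """Return (lineno, line) pairs that site.py would exec() at startup."""
    found = []
    for lineno, line in enumerate(pth_text.splitlines(), 1):
        if line.startswith("#") or line.strip() == "":
            continue
        if line.startswith(EXEC_PREFIXES):
            found.append((lineno, line.rstrip()))
    return found


def assess_pth(pth_text, size_bytes, size_threshold=1024):
    """Return a list of findings for one .pth file; empty means nothing to review."""
    findings = []
    for lineno, line in executable_lines(pth_text):
        if line not in KNOWN_BENIGN:
            findings.append(f"line {lineno} runs code at interpreter start: {line[:80]}")
    # The reported malicious file was 34,628 bytes; legitimate .pth files are usually tiny.
    if size_bytes > size_threshold:
        findings.append(f"unusually large .pth file ({size_bytes} bytes)")
    return findings


def scan_site_packages(dirs=None):
    """Map each suspicious .pth path to its findings across the given (or default) site dirs."""
    if dirs is None:
        dirs = site.getsitepackages() + [site.getusersitepackages()]
    report = {}
    for d in dirs:
        for pth in Path(d).glob("*.pth"):
            text = pth.read_text(errors="replace")
            findings = assess_pth(text, pth.stat().st_size)
            if findings:
                report[str(pth)] = findings
    return report


def installed_affected(affected=AFFECTED):
    """Return {package: version} for installed distributions matching the affected table."""
    hits = {}
    for name, bad_versions in affected.items():
        try:
            installed = version(name)
        except PackageNotFoundError:
            continue
        if installed in bad_versions:
            hits[name] = installed
    return hits


if __name__ == "__main__":
    print("sample .pth findings:", assess_pth(SAMPLE_PTH, len(SAMPLE_PTH)))
    for path, findings in scan_site_packages().items():
        print(path)
        for f in findings:
            print("   ", f)
    hits = installed_affected()
    if hits:
        print("affected versions installed:", hits)
        sys.exit(1)
```

Run it with the same interpreter whose site-packages you want to audit (a venv's `python`, not the system one), since `site.getsitepackages()` reports only that interpreter's directories. A non-empty finding is a prompt for review rather than proof of compromise, and the version check only tells you whether a named release is present; rotating any secrets that were in the environment of an affected host is the remediation the quoted report implies.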
