The TeamPCP hacking group has targeted the widely used “LiteLLM” Python package on PyPI in a recent supply-chain attack, claiming to have accessed data from hundreds of thousands of devices. LiteLLM is a popular open-source Python library with over 3.4 million daily downloads and more than 95 million downloads in the past month.
According to research by Endor Labs, TeamPCP compromised the LiteLLM project and released malicious versions of LiteLLM 1.82.7 and 1.82.8 on PyPI. These versions deploy an infostealer that gathers various sensitive data from infected devices.
TeamPCP, known for the Aqua Security Trivy breach, has expanded its targets to include LiteLLM and Kubernetes clusters. The attack involves deploying an infostealer that harvests credentials, deploys a backdoor, and exfiltrates the stolen data to an attacker-controlled domain.
Organizations are urged to check for the malicious LiteLLM versions, rotate all credentials and tokens, inspect for persistence artifacts, and monitor outbound traffic to attacker domains to prevent further attacks. Failure to rotate credentials has been linked to previous breaches, highlighting the importance of regular credential rotation to prevent supply-chain attacks.
