
LiteLLM PyPI credential-stealing malware compromise

Malware Activity
Happening score: 42
2 unique sources, 2 articles

Summary


The LiteLLM package on PyPI was compromised with credential-stealing malware, putting downstream environments at risk of secret theft and persistence. Malicious releases 1.82.7 and 1.82.8 were uploaded on March 24, 2026 and could run automatically in affected Python environments. The payload harvested cloud and system credentials, moved laterally across Kubernetes clusters, and installed persistent backdoors. Researchers linked the activity to TeamPCP and noted the package has more than 95 million monthly downloads.

Related Happenings

TeamPCP opens its offensive framework to copycat supply-chain attackers

Threat Actor Meta
First: 19.05.2026 07:54 Last: 19.05.2026 07:54 Sources 1

About this happening: **TeamPCP** has started distributing its **offensive framework source code**, turning a single supply-chain operation into reusable tradecraft that other threat actors can adopt....

Shai-Hulud worm clone activity on NPM

Malware Activity
First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

Deadcode09284814 malicious npm packages delivering Phantom Bot and infostealers

Malware Activity
First: 18.05.2026 11:57 Last: 18.05.2026 11:57 Sources 1

About this happening: Four **npm** packages published by **deadcode09284814** were found delivering **information-stealing malware** and **Phantom Bot** DDoS capability, putting installers at risk of *...

Node-ipc malicious versions with stealer/backdoor payload

Malware Activity
First: 14.05.2026 20:22 Last: 14.05.2026 20:22 Sources 1

About this happening: Three **node-ipc** releases now carry an **obfuscated stealer/backdoor** that can harvest **developer and cloud secrets** from any system that loads the package. The malicious cod...

Mini Shai-Hulud supply-chain campaign targeting npm and PyPI

Campaign
First: 12.05.2026 17:45 Last: 12.05.2026 17:45 Sources 1

About this happening: The **Mini Shai-Hulud** **supply-chain campaign** linked to **TeamPCP** expanded into downstream victim reporting, including **Grafana Labs**. Grafana said its **GitHub environmen...

Latest development: 21.05.2026 11:00

Grafana Labs said its GitHub environment was accessed and its codebase downloaded, and that additional internal operational information was taken from GitHub repositories, following a compromise linked to the Mini Shai-Hulud campaign and the TanStack npm packages. Grafana said it first spotted malicious activity on May 11 and discovered the unauthorized download on May 17. After being contacted by the ransom gang it rotated automation tokens, enabled enhanced monitoring, audited all commits since the May 11 incident, and hardened its GitHub security posture; it reported no indication that customer production systems or operations were compromised.

Timeline

  1. 25.03.2026 14:00 1 article · 2mo ago

    LiteLLM 1.82.7 and 1.82.8 uploaded with credential-stealing malware

    Untyped Phase

    LiteLLM versions 1.82.7 and 1.82.8 were uploaded to PyPI with hidden malware that harvested credentials, moved laterally across Kubernetes environments, and installed persistent backdoors. Version 1.82.6 was identified as the last clean release after the malicious versions were removed.

  2. 25.03.2026 14:00 2 articles · 2mo ago

    LiteLLM compromise disclosed with TeamPCP attribution and cleanup guidance

    Initial Disclosure

    Security researchers from Endor Labs and JFrog described a compromised LiteLLM package on PyPI whose malicious code executed automatically when certain package components were imported; the later malicious version went further and triggered whenever any Python process started in an affected environment. They attributed the compromise to TeamPCP, said the stolen data was encrypted before transmission to attacker-controlled infrastructure, and urged affected organizations to rotate secrets and review their systems for signs of compromise.
