Find notable cyber news and cases, enriched with sources, timelines, and signals.

LiteLLM PyPI credential-stealing malware compromise

Malware Activity
First reported
Last updated
Happening score
H score 50
2 unique sources, 2 articles

Summary

Hide ▲

The LiteLLM package on PyPI was compromised with credential-stealing malware, putting downstream environments at risk of secret theft and persistence. Malicious releases 1.82.7 and 1.82.8 were uploaded on March 24, 2026 and could run automatically in affected Python environments. The payload harvested cloud and system credentials, moved laterally across Kubernetes clusters, and installed persistent backdoors. Researchers linked the activity to TeamPCP and noted the package has more than 95 million monthly downloads.

Related Happenings

Operation Navy Ghost PyPI supply-chain campaign

Campaign
H score26 First: 01.07.2026 00:02 Last: 01.07.2026 00:02 Sources 1

About this happening: The **Operation Navy Ghost** campaign has targeted **Python developers** building **Telegram bots** through trojanized **Pyrogram forks**, creating a supply-chain path to compromi...

Shai-Hulud PyPI supply-chain malware activity

Malware Activity
H score22 First: 08.06.2026 23:41 Last: 08.06.2026 23:41 Sources 1

About this happening: The **Shai-Hulud** supply-chain malware compromised **19 PyPI packages**, turning routine installs into secret-stealing execution and putting **developer credentials** at risk. Th...

TeamPCP opens its offensive framework to copycat supply-chain attackers

Threat Actor Meta
H score60 First: 19.05.2026 07:54 Last: 19.05.2026 07:54 Sources 1

About this happening: **TeamPCP** has started distributing its **offensive framework source code**, turning a single supply-chain operation into reusable tradecraft that other threat actors can adopt....

Shai-Hulud worm clone activity on NPM

Malware Activity
H score69 First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

Deadcode09284814 malicious npm packages delivering Phantom Bot and infostealers

Malware Activity
H score22 First: 18.05.2026 11:57 Last: 18.05.2026 11:57 Sources 1

About this happening: Four **npm** packages published by **deadcode09284814** were found delivering **information-stealing malware** and **Phantom Bot** DDoS capability, putting installers at risk of *...

Timeline

  1. 25.03.2026 14:00 1 articles · 3mo ago

    LiteLLM 1.82.7 and 1.82.8 uploaded with credential-stealing malware

    Untyped Phase

    LiteLLM versions 1.82.7 and 1.82.8 were uploaded to PyPI with hidden malware that harvested credentials, moved laterally across Kubernetes environments, and installed persistent backdoors. Version 1.82.6 was identified as the last clean release after the malicious versions were removed.

    Show sources
  2. 25.03.2026 14:00 2 articles · 3mo ago

    LiteLLM compromise disclosed with TeamPCP attribution and cleanup guidance

    Initial Disclosure

    Security researchers from Endor Labs and Jfrog described a compromised LiteLLM package on PyPI that could execute automatically when certain package components were imported, while the later malicious version could trigger whenever any Python process started in an affected environment. They linked the compromise to TeamPCP, said the stolen data was encrypted before transmission to attacker-controlled infrastructure, and warned affected organizations to rotate secrets and review systems for compromise.

    Show sources