"The malware was capable to exfiltrate SSL and SSH keys, Cloud provider credentials, Kubernetes configurations, Git credentials, API keys, shell history, crypto wallets, and many other kinds of secrets."
"After promptly reporting the compromised package to the PyPI security team and the LiteLLM maintainers, the affected package where quarantined within approximately 40 minutes."
"The .pth launcher spawns a child Python process via subprocess.Popen, but because .pth files trigger on every interpreter startup, the child re-triggers the same .pth - creating an exponential fork bomb that crashed the machine."
A supply chain attack against LiteLLM on PyPI resulted in over 40,000 downloads of a compromised version that installed malware capable of harvesting sensitive information. The malware could exfiltrate SSL and SSH keys, Cloud provider credentials, and other secrets. The attack affected the litellm 1.82.8 package, which was quarantined within 40 minutes after being reported. The malware's flawed implementation caused a recursive fork, crashing the system of a researcher who triggered the download, highlighting the potential for unnoticed attacks without such errors.
Read at InfoQ
Unable to calculate read time
Collection
[
|
...
]