"Anyone who has installed and run the project should assume any credentials available to the LiteLLM environment may have been exposed, and revoke/rotate them accordingly."
"Given the package's three million daily downloads, the compromised LiteLLM could have seen significant exposure during that short time span."
"The payload operating in three distinct stages included initial execution and data exfiltration, deeper reconnaissance and credential harvesting, and finally persistence with remote control capabilities."
"Once executed, the malware collected sensitive data, encrypted it using AES-256-CBC, and then secured the encryption key with an embedded RSA public key before sending everything to attacker-controlled servers."
Malicious versions of LiteLLM were published on PyPI, linked to a Trivy breach, potentially exposing credentials in AI applications and developer pipelines. The packages contained a multi-stage payload that harvested sensitive data from developer environments and cloud configurations. They were available for about two hours, with significant exposure due to three million daily downloads. The attack involved initial execution, data exfiltration, reconnaissance, credential harvesting, and persistence with remote control capabilities, utilizing obfuscation techniques to conceal its activities.
Read at InfoWorld
Unable to calculate read time
Collection
[
|
...
]