Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign

The threat actor TeamPCP continues its campaign against open-source software by trojanizing popular Python libraries, specifically targeting LiteLLM versions 1.82.7 and 1.82.8. This supply chain attack abuses Python's .pth mechanism to establish stealthy persistence on compromised systems. The primary objective is credential theft, where the malware exfiltrates cloud credentials, CI/CD secrets, and API keys to attacker-controlled infrastructure. This activity poses a high severity risk to development environments and cloud infrastructure security. Organizations utilizing LiteLLM must immediately audit their dependencies and rotate any potentially exposed secrets. Mitigation strategies include pinning dependency versions, implementing software composition analysis (SCA) tools, and monitoring for unusual outbound network traffic from build environments. This incident highlights the ongoing risk of dependency confusion and repository poisoning within the software supply chain, requiring heightened vigilance from DevSecOps teams to prevent unauthorized access and data loss.

LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains.

The threat actor TeamPCP continues its campaign against open-source software by trojanizing popular Python libraries, specifically targeting LiteLLM versions 1.82.7 and 1.82.8. This supply chain attack abuses Python's .pth mechanism to establish stealthy persistence on compromised systems. The primary objective is credential theft, where the malware exfiltrates cloud credentials, CI/CD secrets, and API keys to attacker-controlled infrastructure. This activity poses a high severity risk to development environments and cloud infrastructure security. Organizations utilizing LiteLLM must immediately audit their dependencies and rotate any potentially exposed secrets. Mitigation strategies include pinning dependency versions, implementing software composition analysis (SCA) tools, and monitoring for unusual outbound network traffic from build environments. This incident highlights the ongoing risk of dependency confusion and repository poisoning within the software supply chain, requiring heightened vigilance from DevSecOps teams to prevent unauthorized access and data loss. LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains. LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains.