ADVERTISEMENT

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library used by AI developers, was compromised to deliver a mass credential harvesting malware, sending shockwaves across the industry. The “software horror” spread like an infection to other projects through dependencies. A clearer picture has emerged of how the unprecedented hack unfolded.

litellm-library-hacked

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Mar 25, 2026 Updated: 25 March 2026 7 min read
litellm
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

How was LiteLLM breached?

PyPI malware
Image by Cybernews.
Has my data been leaked?
python-burning-a-massive-bag-of-money.jpg

The attack wreaking havoc

Two developers expressing uncertainty.
ADVERTISEMENT

The implications are far-reaching

The malware is capable of exfiltrating nearly everything

  • SSH keys (private keys and host authentication files)
  • Git credentials (usernames, passwords, and repository access tokens)
  • AWS (access keys, IAM role credentials, live calls to Secrets Manager and SSM Parameter Store)
  • Kubernetes (cluster configs, admin credentials, service account tokens and secrets across all namespaces)
  • Google Cloud Platform (application default credentials, service account keys)
  • Azure (full credentials directory)
  • Docker (registry authentication configs)
  • Environment files
  • Package manager tokens (npm, Vault, database passwords, including PostgreSQL, MySQL, MongoDB)
  • Shell history
  • TLS/PKI private keys and certificate files
  • CI/CD configs (Terraform state, GitLab, Travis, Jenkins, and Ansible files)
  • Crypto wallets Bitcoin, Litecoin, Dogecoin, Ethereum keystore, Solana keypairs, Cardano files
  • System files (user account database and authentication logs)

Who’s behind the attack?


ADVERTISEMENT