TeamPCP Hackers Weaponize LiteLLM for Credential Harvesting Attacks
ID: 66ccd7aa-90ee-52e1-9056-205ba4940796
STIX ID: report--66ccd7aa-90ee-52e1-9056-205ba4940796
Feed Name: Cyber Press
A supply-chain campaign attributed to a group called TeamPCP weaponized the open-source LiteLLM Python library by publishing malicious PyPI releases after compromising a Trivy scanner used in LiteLLM's CI/CD pipeline. The malicious releases (v1.82.7 and v1.82.8) carry injected code that harvests AI provider API keys, cloud metadata, and local configuration files, encrypts and exfiltrates the stolen data, and establishes persistence through a backdoor with regular C2 polling. The report includes file hashes and exfiltration/C2 URLs as IOCs. Given what the injected code collects, any host that installed either release should be treated as having exposed every API key, cloud credential, and configuration secret present on it at install time, and those secrets should be rotated rather than merely the package downgraded.
