An AI gateway designed to steal your data
ID: 91c2530b-4d11-5716-b9d9-4a884b49a90e
STIX ID: report--91c2530b-4d11-5716-b9d9-4a884b49a90e
Feed Name: Securelist by Kaspersky
**Supply-chain compromise of LiteLLM (PyPI) and trojanized OpenVSX/Checkmarx extensions:** Attackers published malicious LiteLLM packages that executed Base64-embedded Python payloads. The payloads collected filesystem secrets, runtime AWS/ECS credentials, database and CI/Terraform/Helm configurations, and crypto wallet data, then encrypted the results and exfiltrated them to a C2 (checkmarx.zone). The malware also attempted Kubernetes node breakout and persistent systemd-based implants on nodes and hosts. Victims were observed globally, and the compromised packages have been removed from repositories.
