33K Exposed LiteLLM Deployments and the C2 Servers Behind TeamPCP's Supply Chain Attack
ID: 2c7581ca-a9a7-5251-b9dd-a4044b0865a4
STIX ID: report--2c7581ca-a9a7-5251-b9dd-a4044b0865a4
Feed Name: Hunt.io Blog
TeamPCP published trojanized LiteLLM packages to PyPI that silently install a multi-stage infostealer and RAT. The malware harvests SSH and cloud credentials (including AWS IMDSv2), encrypts and exfiltrates data to models.litellm.cloud, and can escalate from a single pod to full Kubernetes cluster takeover. Persistent implants poll checkmarx.zone for payloads and use two C2 frameworks (AdaptixC2 and Havoc). 33,688 internet-facing LiteLLM instances were observed, and detailed IOCs are provided.
