TeamPCP Hijacks LiteLLM's PyPI Package
ID: 94b58809-0467-5e2c-a9fc-562fb54d9135
STIX ID: report--94b58809-0467-5e2c-a9fc-562fb54d9135
Feed Name: OpenSourceMalware Blog
Date Published: 2026-03-25
Date Updated: 2026-06-20
Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2
TeamPCP hijacked the LiteLLM maintainer's PyPI account and published malicious litellm versions (1.82.7 and 1.82.8) that deploy a .pth auto-executing credential stealer and backdoors; the malware harvests cloud, developer, CI/CD, and crypto credentials, attempts Kubernetes cluster takeover, exfiltrates encrypted bundles to models.litellm.cloud, and installs persistent sysmon backdoors (beaconing to checkmarx.zone). PyPI quarantined the project and the report provides IOCs, persistence indicators, attack timeline, links to prior TeamPCP activity, and remediation guidance (credential rotation, CI audits, pinning actions, 2FA).
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
