logo

TeamPCP Hijacks LiteLLM's PyPI Package

ID: 94b58809-0467-5e2c-a9fc-562fb54d9135

STIX ID: report--94b58809-0467-5e2c-a9fc-562fb54d9135

Feed Name: OpenSourceMalware Blog

Threat Score
90/100

Date Published: 2026-03-25

Date Updated: 2026-06-20

Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2

...
...

TeamPCP hijacked the LiteLLM maintainer's PyPI account and published malicious litellm versions (1.82.7 and 1.82.8) that deploy a .pth auto-executing credential stealer and backdoors; the malware harvests cloud, developer, CI/CD, and crypto credentials, attempts Kubernetes cluster takeover, exfiltrates encrypted bundles to models.litellm.cloud, and installs persistent sysmon backdoors (beaconing to checkmarx.zone). PyPI quarantined the project and the report provides IOCs, persistence indicators, attack timeline, links to prior TeamPCP activity, and remediation guidance (credential rotation, CI audits, pinning actions, 2FA).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.