The AI library 'LiteLLM,' which has over 40,000 GitHub stars, was subjected to a supply chain attack that resulted in the distribution of a malicious version. Users' SSH keys and API keys may have been stolen.

The AI management library '
[Security]: litellm PyPI package (v1.82.7 + v1.82.8) compromised — full timeline and status · Issue #24518 · BerriAI/litellm
https://github.com/BerriAI/litellm/issues/24518
Supply Chain Attack in litellm 1.82.8 on PyPI
https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
LiteLLM is a library that lets users work with AI models from different providers, such as OpenAI and Anthropic, through a single interface, and it is a popular project with over 40,000 stars on GitHub. LiteLLM is distributed on PyPI, the official Python package repository, but version 1.82.8, released at 7:52 PM JST on March 24, 2026, was found to contain malicious code, as discovered by the AI development company FUTURESEARCH.

According to FUTURESEARCH, version 1.82.8 of LiteLLM had no corresponding release in the GitHub repository and was published directly to PyPI. Version 1.82.8 contained a malicious script that ran automatically whenever a Python process started, collecting sensitive information such as users' SSH keys, environment variables including API keys, AWS, GCP, and Azure credentials, and cryptocurrency wallet data, and sending it to an external party. The investigation further revealed that version 1.82.7 had the same problem.
As of the time of writing, LiteLLM versions 1.82.7 and later have been removed from PyPI. Users who installed LiteLLM version 1.82.7 or later are advised to rotate all credentials held in their environment variables and configuration files.
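A triage helper for the report above, added here as an example that is not part of the article or of the litellm project. It flags an installed litellm distribution that matches one of the two versions the article names, and it lists lines in `.pth` files that the interpreter executes at startup; the article only says the malicious code ran when the Python process started, so treating `.pth` import lines as the vector to inspect is an assumption of this check, not a fact from the report.

```python
"""Post-advisory triage for litellm 1.82.7 / 1.82.8 (added example)."""
import importlib.metadata as md
import site
from pathlib import Path

# Versions named as compromised in the advisory.
COMPROMISED = {"1.82.7", "1.82.8"}


def is_compromised_version(version):
    """True if the version string is one the advisory names."""
    return version.strip() in COMPROMISED


def installed_litellm_status():
    """Return (installed litellm version or None, flagged) for this interpreter."""
    try:
        ver = md.version("litellm")
    except md.PackageNotFoundError:
        return None, False
    return ver, is_compromised_version(ver)


def find_executable_pth_lines(dirs):
    """List (file, line number, text) for .pth lines site.py would execute.

    CPython's site module runs any .pth line that begins with "import " or
    "import\t" at interpreter start; assumption: that is the hook worth
    reviewing after this kind of incident.
    """
    hits = []
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            text = pth.read_text(errors="replace")
            for n, line in enumerate(text.splitlines(), 1):
                if line.startswith(("import ", "import\t")):
                    hits.append((str(pth), n, line.strip()))
    return hits


if __name__ == "__main__":
    ver, flagged = installed_litellm_status()
    print(f"litellm installed: {ver}  flagged: {flagged}")
    dirs = site.getsitepackages() + [site.getusersitepackages()]
    for path, n, line in find_executable_pth_lines(dirs):
        print(f"{path}:{n}: {line}")
```

Any `.pth` import line it prints is worth reading by hand; legitimate tools (editable installs, some import hooks) use the same mechanism, so a hit is a review item, not a verdict.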

Because the original issue was not functioning, an information-sharing issue has been opened at the following link as a replacement.
[Security]: litellm PyPI package (v1.82.7 + v1.82.8) compromised — full timeline and status · Issue #24518 · BerriAI/litellm
https://github.com/BerriAI/litellm/issues/24518

Additionally, information is being shared on Hacker News in case the replacement issue also stops working.
Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised | Hacker News
https://news.ycombinator.com/item?id=47501426
