TeamPCP Compromises LiteLLM PyPI Packages, Exfiltrating API Keys and Deploying Malware
What Happened – On March 24, 2026, the cyber‑criminal group TeamPCP uploaded two malicious versions (1.82.7 and 1.82.8) of the open‑source LiteLLM library to PyPI. The packages contained a credential‑stealing module and a malware dropper that executed on developers’ machines and cloud CI/CD runners.
Why It Matters for TPRM –
- The compromised library sits between applications and multiple LLM providers, giving attackers direct access to API keys, environment variables and other secrets.
- Supply‑chain compromise spreads quickly across any organization that consumes the package, amplifying risk to development pipelines, cloud workloads and downstream SaaS services.
Who Is Affected – Technology & SaaS vendors, AI‑focused development teams, cloud service providers, CI/CD platform operators, and any third party that integrates LiteLLM.
Recommended Actions –
- Identify and remove the malicious LiteLLM versions from all environments.
- Rotate all potentially exposed credentials (API keys, SSH keys, cloud tokens, CI/CD secrets, crypto wallets).
- Conduct forensic analysis for persistence mechanisms; consider rebuilding affected systems from a known clean baseline.
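One way to carry out the first action across a build host or repository checkout, as an added example that is not part of the source advisory or the LiteLLM project. The function name `scan_tree` and the set of file names inspected (`requirements*.txt`, `constraints*.txt`, `poetry.lock`, `uv.lock`) are assumptions; the version numbers are the two named above.

```python
import os
import re
import sys

BAD_VERSIONS = {"1.82.7", "1.82.8"}  # the two releases named in this advisory

# Installed copy: pip writes site-packages/litellm-<version>.dist-info
DIST_RE = re.compile(r"^litellm-(.+)\.dist-info$", re.I)
# Exact pin in a requirements-style file, extras allowed: litellm[proxy]==1.82.8
PIN_RE = re.compile(r"^\s*litellm(?:\[[^\]]*\])?\s*={2,3}\s*([0-9][\w.]*)", re.I | re.M)
# Lock entry (assumed layout): name = "litellm" followed by version = "<version>"
LOCK_RE = re.compile(r'^name\s*=\s*"litellm"\s*\nversion\s*=\s*"([^"]+)"', re.I | re.M)
REQ_NAME_RE = re.compile(r"^(requirements|constraints).*\.txt$", re.I)
LOCK_NAMES = {"poetry.lock", "uv.lock"}


def scan_tree(root):
    """Return sorted (kind, path, version) tuples for bad LiteLLM versions under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for d in dirnames:
            m = DIST_RE.match(d)
            if m and m.group(1) in BAD_VERSIONS:
                findings.append(("installed", os.path.join(dirpath, d), m.group(1)))
        for f in filenames:
            if REQ_NAME_RE.match(f):
                pattern = PIN_RE
            elif f in LOCK_NAMES:
                pattern = LOCK_RE
            else:
                continue
            path = os.path.join(dirpath, f)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for version in pattern.findall(text):
                if version in BAD_VERSIONS:
                    findings.append(("declared", path, version))
    return sorted(findings)


if __name__ == "__main__":
    hits = [h for root in sys.argv[1:] or ["."] for h in scan_tree(root)]
    for kind, path, version in hits:
        print(f"{kind}\tlitellm {version}\t{path}")
    sys.exit(1 if hits else 0)
```

The script exits with status 1 when it finds anything, so it can gate a CI job. It does not see copies that were already uninstalled or that sit inside container images and caches outside the scanned roots.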
Technical Notes – Attack vector: compromised maintainer account and malicious GitHub workflows (third‑party dependency supply‑chain). Malware delivered a credential stealer and secondary payload dropper. No public CVE; the threat leveraged the open‑source distribution channel. Source: https://www.helpnetsecurity.com/2026/03/25/teampcp-supply-chain-attacks/