Malware - TeamPCP Trojanizes LiteLLM in New Attack Campaign
In plain terms: an attacker group slipped credential-stealing code into two releases of a popular open-source tool, so anyone who installed those releases had secrets taken from their machine.
TeamPCP has struck again, this time by publishing malicious releases of LiteLLM. Users of this widely deployed library are at risk of losing cloud credentials and other secrets, and environments that pulled in the bad releases need immediate attention to contain the theft.
What Happened
LiteLLM, a widely used open-source Python library that gives applications a single API for calling many Large Language Model providers, has been trojanized by TeamPCP. The library is present in 36% of cloud environments, so a compromise of it has unusually wide reach. On March 24, 2026, malicious versions 1.82.7 and 1.82.8 were published to PyPI carrying a credential-stealing payload. The packages were quarantined quickly, but not before numerous users had installed them.
The payload was hooked into Python's .pth mechanism: the interpreter's site module reads every .pth file in site-packages at startup and executes any line that begins with "import". A malicious .pth therefore runs every time any Python process starts in that environment, whether or not the application ever imports litellm, which is why it is easy to miss. By the time the packages were removed, affected systems had already begun exfiltrating sensitive data.
Who's Being Targeted
The primary targets are organizations running LiteLLM in cloud environments, and given the library's prevalence the exposure is broad. The payload collects cloud credentials, SSH keys and CI/CD secrets, material that grants whoever holds it the same access as the workload it was stolen from, so its theft can escalate into a full infrastructure breach.
Any environment that installed or upgraded to LiteLLM while the malicious releases were the latest on PyPI, including automated builds that do not pin versions, is potentially affected. The releases were published and pulled within a short window, so many users had no advisory to act on before they were exposed.
Signs of Infection
Concrete indicators are LiteLLM version 1.82.7 or 1.82.8 present in an environment, and a .pth file in site-packages whose import line carries a double base64-encoded payload that is decoded and executed at interpreter startup; the layered encoding is there so that a glance at the file gives nothing away. Because the payload exfiltrates what it collects, unusual outbound connections from Python processes and unexpected use of the environment's cloud credentials or API keys are worth reviewing as downstream signs.
The malware also gathers environment variables and database credentials. This broad harvesting matches what was seen in the earlier KICS operation, indicating a consistent TeamPCP playbook.
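Putting the .pth mechanism from the What Happened section and the double base64 indicator above together, here is an added example, not code from the Wiz write-up or from the LiteLLM project, that scans site-packages for .pth files with executable import lines and peels nested base64 layers out of whatever they execute. The sample .pth it writes to a temporary directory is constructed for the demonstration (the file name and its stand-in payload are made up and are not the real TeamPCP code); the scanner only reads .pth files and never executes their contents.

```python
"""Scan site-packages for .pth files with lines that execute at interpreter
startup, and peel nested base64 layers out of what they execute.

Added illustration, not code from the Wiz write-up or from LiteLLM. The .pth
written by build_sample_pth() is constructed (hypothetical file name, harmless
stand-in payload, not the real TeamPCP code). Nothing here executes a .pth line.
"""
import base64
import binascii
import glob
import os
import re
import site
import tempfile

# site.py exec()s any .pth line starting with "import " or "import\t";
# every other non-comment line is merely appended to sys.path.
IMPORT_PREFIXES = ("import ", "import\t")
# Calls a legitimate .pth hook (editable installs, coverage) never needs.
SUSPICIOUS = re.compile(r"\b(exec|eval|compile|b64decode|__import__|subprocess"
                        r"|os\.system|os\.environ|urlopen|socket)\b")
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-looking run
B64_LIKE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")  # whole buffer is base64

# Constructed stand-in payload: collects secret-looking env vars into a dict,
# echoing the harvesting the article describes, but sends nothing anywhere.
SAMPLE_PAYLOAD = ("import os;found={k:v for k,v in os.environ.items() "
                  "if 'KEY' in k or 'TOKEN' in k}")


def looks_base64(data: bytes) -> bool:
    return len(data) >= 8 and len(data) % 4 == 0 and B64_LIKE.match(data) is not None


def unwrap_base64(blob: str, max_layers: int = 4):
    """Decode repeatedly until the result stops looking like base64.
    Returns (layers_removed, decoded_text)."""
    data, layers = blob.encode("ascii", "ignore"), 0
    while layers < max_layers and looks_base64(data):
        try:
            data = base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError):
            break
        layers += 1
    return layers, data.decode("utf-8", "replace")


def scan_pth_line(line: str):
    """Finding dict for an executable .pth line, None for a plain path line."""
    if not line.startswith(IMPORT_PREFIXES):
        return None
    line = line.rstrip("\n")
    finding = {"line": line, "suspicious": bool(SUSPICIOUS.search(line)),
               "layers": 0, "decoded": ""}
    blob = B64_BLOB.search(line)
    if blob:
        finding["layers"], finding["decoded"] = unwrap_base64(blob.group(0))
        if finding["layers"] and SUSPICIOUS.search(finding["decoded"]):
            finding["suspicious"] = True
    return finding


def scan_pth_dirs(dirs):
    """Every executable line of every .pth file directly inside the given dirs."""
    findings = []
    for d in dirs:
        for path in sorted(glob.glob(os.path.join(d, "*.pth"))):
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, raw in enumerate(fh, 1):
                    finding = scan_pth_line(raw)
                    if finding:
                        finding.update(path=path, lineno=lineno)
                        findings.append(finding)
    return findings


def build_sample_pth(directory: str) -> str:
    """Write the constructed sample: one ordinary path line, then an import
    line that double-base64-decodes and exec()s SAMPLE_PAYLOAD."""
    inner = base64.b64encode(SAMPLE_PAYLOAD.encode()).decode()
    outer = base64.b64encode(inner.encode()).decode()
    path = os.path.join(directory, "zzz_sample_hook.pth")  # hypothetical name
    with open(path, "w") as fh:
        fh.write("# constructed sample .pth\n/opt/example/lib\n")
        fh.write(f"import base64;exec(base64.b64decode(base64.b64decode('{outer}')))\n")
    return path


def demo_scan():
    """Scan a temporary directory that holds only the constructed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_pth(tmp)
        return scan_pth_dirs([tmp])


if __name__ == "__main__":
    live_dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    for f in demo_scan() + scan_pth_dirs(live_dirs):
        tag = "SUSPICIOUS" if f["suspicious"] else "executable"
        print(f"{tag} {f['path']}:{f['lineno']} base64 layers={f['layers']}")
        if f["decoded"]:
            print("   decoded:", f["decoded"][:120])
```

Run it with each interpreter and virtual environment you care about, since every one has its own site-packages and its own set of .pth files. Expect a few legitimate executable lines (editable installs and some test tooling use the same hook); the combination of an import line, a long base64 run and decode-and-exec calls is what separates a startup hook from a backdoor.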
How to Protect Yourself
Start by checking every Python environment, including container images and CI runners, for the malicious LiteLLM versions. The Wiz Threat Center offers guidance on identifying compromised packages and assessing the potential impact. Beyond that, users are encouraged to:
- Audit Python packages and dependencies regularly, and pin versions so an unexpected release cannot be pulled in silently.
- If a malicious version was installed, treat every credential that host could read (cloud keys, SSH keys, CI/CD and database secrets) as compromised and rotate it; removing the package does not recover secrets already sent out.
- Apply strict access controls and least privilege to sensitive cloud resources so that a stolen credential is worth less to the attacker.
- Follow advisories from trusted sources on compromises of open-source software.
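As a concrete version of the first step, here is an added example, not code from Wiz or from the LiteLLM project, that checks whether the two releases named in this article are installed in the current interpreter, lists any .pth files the installed distribution recorded, and finds bad pins in requirements and lock files. The version numbers come from the article; SAMPLE_REQUIREMENTS and SAMPLE_LOCK are constructed inputs for a dry run.

```python
"""Check whether the LiteLLM releases named in the article are installed or
pinned, and list any .pth files the installed distribution ships.

Added illustration, not code from Wiz or the LiteLLM project. BAD_VERSIONS
comes from the article; SAMPLE_REQUIREMENTS and SAMPLE_LOCK are constructed.
"""
import re
from importlib import metadata

PACKAGE = "litellm"
BAD_VERSIONS = {"1.82.7", "1.82.8"}  # malicious PyPI releases per the article

# "litellm==1.82.7" (optionally with extras) in requirements/constraints files
PIN_RE = re.compile(r"^\s*litellm(?:\[[^\]]*\])?\s*==\s*([0-9][\w.]*)",
                    re.IGNORECASE | re.MULTILINE)
# name/version pairs in poetry.lock / uv.lock style TOML fragments
LOCK_RE = re.compile(r'name\s*=\s*"litellm"\s*\n\s*version\s*=\s*"([^"]+)"',
                     re.IGNORECASE)

SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
fastapi==0.115.0
litellm[proxy]==1.82.7
openai>=1.0
"""
SAMPLE_LOCK = """\
# constructed sample lock fragment
[[package]]
name = "litellm"
version = "1.82.8"
"""


def pinned_versions(text: str) -> set:
    """Every litellm version pinned in a requirements or lock file body."""
    return set(PIN_RE.findall(text)) | set(LOCK_RE.findall(text))


def bad_pins(text: str) -> list:
    """Sorted list of pinned versions that are on the known-bad list."""
    return sorted(pinned_versions(text) & BAD_VERSIONS)


def check_distribution(name: str = PACKAGE) -> dict:
    """Inspect the installed distribution in this interpreter: its version,
    whether that version is a known-bad release, and any .pth files listed in
    its RECORD (a startup hook installed with the package would appear here;
    one dropped elsewhere would not, so pair this with a site-packages scan)."""
    try:
        dist = metadata.distribution(name)
    except metadata.PackageNotFoundError:
        return {"installed": False, "version": None, "bad": False, "pth_files": []}
    pth = [str(p) for p in (dist.files or []) if str(p).endswith(".pth")]
    return {"installed": True, "version": dist.version,
            "bad": dist.version in BAD_VERSIONS, "pth_files": pth}


if __name__ == "__main__":
    print("installed:", check_distribution())
    print("bad pins in requirements:", bad_pins(SAMPLE_REQUIREMENTS))
    print("bad pins in lock:", bad_pins(SAMPLE_LOCK))
```

The installed-distribution check only sees the interpreter it runs under, so run it inside each virtual environment, container image and CI runner image separately; feed real requirements, constraints and lock files to bad_pins in place of the constructed samples.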
By taking these proactive steps, organizations can better protect themselves against similar attacks in the future. Vigilance and prompt action are essential in the fight against evolving malware threats.
Wiz Blog