LiteLLM v1.82.8 PyPI Package Compromised with Credential-Stealing Malware
Published 2026-03-24 · Ingested 2026-03-25 · AI Infrastructure and Compute · High · ⭐ Timeline Candidate
Summary
LiteLLM version 1.82.8, a widely used Python library for abstracting access to multiple LLM APIs, was found to contain a malicious credential stealer in its PyPI package. The attack used a base64-encoded payload hidden in a litellm_init.pth file, a Python path configuration file that the interpreter processes automatically once the package is installed — meaning victims did not even need to import or run the library for the malware to activate. The compromised package was published directly to PyPI, indicating e
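The mechanism described above is worth checking for on any host: Python's `site` module reads every `*.pth` file in site-packages at interpreter startup, and a line beginning with `import ` is executed as code rather than added to `sys.path`. The audit below is an added example written for this page, not code from the advisory or from the LiteLLM project. It lists every `.pth` line that would execute and flags those carrying a base64-looking blob; the sample `.pth` contents are constructed, the embedded blob decodes to a harmless comment, and nothing in the audit ever executes a flagged line.

```python
"""Audit .pth files for lines the interpreter would execute at startup.

Defensive check for the litellm_init.pth pattern: a .pth line starting with
"import " is exec'd by site.py on every Python start, so a malicious package
can run code without ever being imported.  The audit never executes anything;
it only classifies lines and reports the ones that would run.
"""
import base64
import re
import site
from pathlib import Path

# A .pth line is executed only if it starts with "import" followed by a space or tab.
EXEC_PREFIX = ("import ", "import\t")
# 40+ consecutive base64 alphabet characters is a cheap signal for an encoded payload;
# underscores are excluded, so identifiers like _distutils_hack never match.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

# --- constructed sample inputs (not real package contents) -------------------
SAMPLE_BENIGN_PTH = "/opt/example-pkg\nimport _virtualenv\n"
SAMPLE_BLOB = base64.b64encode(
    b"# constructed placeholder text; the audit never executes it"
).decode()
SAMPLE_MALICIOUS_LINE = f'import base64; exec(base64.b64decode("{SAMPLE_BLOB}"))'
SAMPLE_MALICIOUS_PTH = (
    "# looks like an ordinary path file\n/opt/example-pkg\n" + SAMPLE_MALICIOUS_LINE + "\n"
)


def classify_pth_line(line):
    """Return 'blank', 'comment', 'path', 'exec' or 'exec-encoded' for one .pth line."""
    stripped = line.strip()
    if not stripped:
        return "blank"
    if stripped.startswith("#"):
        return "comment"
    if stripped.startswith(EXEC_PREFIX):
        return "exec-encoded" if B64_BLOB.search(stripped) else "exec"
    return "path"


def audit_pth_text(name, text):
    """Return (file, lineno, kind, excerpt) for every line that would be executed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        kind = classify_pth_line(line)
        if kind.startswith("exec"):
            findings.append((name, lineno, kind, line.strip()[:120]))
    return findings


def audit_site_packages(dirs=None):
    """Scan every *.pth in the given (or the interpreter's) site-packages directories."""
    if dirs is None:
        dirs = list(getattr(site, "getsitepackages", lambda: [])())
        dirs.append(site.getusersitepackages())
    findings = []
    for directory in dirs:
        for pth in Path(directory).glob("*.pth"):
            try:
                text = pth.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the whole audit
            findings.extend(audit_pth_text(str(pth), text))
    return findings


if __name__ == "__main__":
    # Show the classifier on the constructed samples, then audit the live interpreter.
    for sample_name, sample in (("benign.pth", SAMPLE_BENIGN_PTH),
                                ("suspect.pth", SAMPLE_MALICIOUS_PTH)):
        for finding in audit_pth_text(sample_name, sample):
            print("sample", *finding, sep="\t")
    for finding in audit_site_packages():
        print("live", *finding, sep="\t")
```

Legitimate packages do ship executable `.pth` lines (setuptools' `distutils-precedence.pth` and virtualenv's `_virtualenv.pth` are common ones), so plain `exec` findings need review against an allowlist of expected files; an `exec-encoded` finding, or an `exec` line in a `.pth` that appeared with a package that has no reason to hook interpreter startup, is the signal to pull the package and rotate any credentials the host could reach.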
Alignment: Reinforces current position
Related Positions: ai-infrastructure-strategy.md, multi-model-multi-vendor.md, ai-governance-and-risk.md
Tags: supply-chain-attack, litellm, pypi, credential-theft, ai-security, dependency-management, open-source-risk, multi-model-routing, package-compromise, ai-infrastructure