Litellm PyPI Package Compromised: Malicious Version 1.82.8 Exfiltrated Credentials

OpenClawRadar | Published: March 25, 2026 | Source

Security Alert: Litellm Package Compromise

The litellm Python package, which has approximately 97 million downloads per month and is used to unify API calls to OpenAI, Anthropic, Cohere, and other LLM providers, was compromised on PyPI. A malicious version (1.82.8) was uploaded that exfiltrated sensitive data from affected systems.

What Happened

For approximately one hour, running pip install litellm or installing any package that depends on it (such as DSPy) would trigger data exfiltration. The malicious version collected:

  • SSH keys
  • AWS, GCP, and Azure credentials
  • Kubernetes configuration files
  • Git credentials and shell history
  • All environment variables (including API keys and secrets)
  • Crypto wallet information
  • SSL private keys
  • CI/CD secrets

The attack was discovered when a user's machine crashed. Andrej Karpathy described it as "the scariest thing imaginable in modern software."


Immediate Action Required

If you installed any Python packages yesterday (especially DSPy or any litellm-dependent tool), assume your credentials are compromised. You should:

  • Rotate all potentially affected credentials immediately
  • Check your package versions for litellm 1.82.8
  • Review the full breakdown in the source for specific remediation steps
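The "check your package versions" step is the one a responder can script. The following is an added example, not part of the original alert and not code from the litellm project: it uses only the Python standard library to (1) read the litellm version installed in the current interpreter, (2) scan requirements/constraints text or `pip freeze` output for pins to 1.82.8, and (3) list installed packages whose metadata declares a dependency on litellm, which is how a tool like DSPy pulls it in transitively. The only page-supplied identifiers are the package name and the version 1.82.8; the sample requirements text and the sample distribution list in the test are constructed.

```python
"""Added example (not from the original alert): locate exposure to the
malicious litellm release the alert names, 1.82.8.

Three checks a responder would run on a host or in CI:
  1. Is litellm installed at the bad version in this interpreter?
  2. Do requirements/constraints files or `pip freeze` output pin it?
  3. Which installed packages depend on litellm (the DSPy case)?
"""
import re
from importlib import metadata

PACKAGE = "litellm"
BAD_VERSIONS = {"1.82.8"}  # the only release the alert identifies as malicious

# Matches "litellm==1.82.8", "LiteLLM == 1.82.8 ; python_version >= '3.9'", ...
_PIN_RE = re.compile(r"^\s*litellm\s*==\s*([0-9][0-9A-Za-z.+\-]*)", re.IGNORECASE)
# Leading distribution name of a PEP 508 requirement string (stops at [, <, =, ;, space)
_REQ_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization so LITELLM, litellm and Litellm compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_litellm_version():
    """Version string of litellm installed in this interpreter, or None."""
    try:
        return metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None


def is_installed_version_malicious():
    """True when the locally installed litellm is a version the alert names."""
    return installed_litellm_version() in BAD_VERSIONS


def find_bad_pins(requirements_text):
    """Return [(line_number, version)] for lines pinning litellm to a bad version.

    Works on requirements.txt, constraints files and `pip freeze` output.
    Comment lines and other packages are ignored. A range such as
    litellm>=1.80 is not flagged here because its resolution depends on the
    environment; use installed_litellm_version() for that.
    """
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        m = _PIN_RE.match(line)
        if m and m.group(1) in BAD_VERSIONS:
            hits.append((lineno, m.group(1)))
    return hits


def dependents_of(target, dists):
    """Names of distributions in `dists` whose metadata requires `target`.

    `dists` is an iterable of (name, requires) pairs, where `requires` is the
    list of PEP 508 requirement strings or None, exactly as
    importlib.metadata exposes it. Kept separate from the live environment so
    it can be exercised on constructed input.
    """
    want = normalize(target)
    found = []
    for name, requires in dists:
        for req in requires or []:
            m = _REQ_NAME_RE.match(req)
            if m and normalize(m.group(1)) == want:
                found.append(name)
                break
    return sorted(found)


def installed_dependents_of(target=PACKAGE):
    """Installed packages that declare a dependency on `target`, e.g. DSPy."""
    pairs = ((d.metadata.get("Name") or "", d.requires) for d in metadata.distributions())
    return dependents_of(target, pairs)


if __name__ == "__main__":
    # Constructed sample, not a real lock file from any project.
    sample = (
        "requests==2.32.3\n"
        "LiteLLM == 1.82.8 ; python_version >= '3.9'\n"
        "litellm==1.82.7\n"
    )
    print("installed litellm version:", installed_litellm_version())
    print("installed version malicious:", is_installed_version_malicious())
    print("bad pins in sample:", find_bad_pins(sample))
    print("installed packages depending on litellm:", installed_dependents_of())
```

A non-empty result from `installed_dependents_of()` on a host is the signal that litellm may have been installed during the window even though nobody typed `pip install litellm`; a hit from `find_bad_pins()` in a committed lock file means every environment built from that file in the window is in scope for credential rotation.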

The malicious version has been removed from PyPI, but credentials may already have been stolen during the hour the package was active.

Read the full source: r/LocalLLaMA