A malicious release of litellm version 1.82.8 was published to PyPI on March 24, 2026.
The package ships a hidden .pth file in site-packages. Python's site module processes every .pth file there at interpreter startup and executes any line that begins with "import", so the payload runs every time a Python interpreter starts; it spawns a subprocess that triggers the same .pth again, creating an exponential fork bomb.
The malware harvests credentials (SSH keys, cloud provider tokens, Kubernetes configs, environment variables, etc.), encrypts them with a hard‑coded RSA key, and exfiltrates them to a malicious domain.
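A defender-side check for the startup hook described above, added here as an example and not code from the original report: it lists the .pth lines in site-packages that the site module would execute and flags ones that look like a loader rather than an editable-install shim. The function names, the heuristic patterns and the sample .pth content are constructed for this example.

```python
# Added example: audit .pth files in site-packages for executable lines.
# CPython's site module reads every *.pth at interpreter startup and exec()s
# any line beginning with 'import ' or 'import<tab>'; the rest are path
# entries. That startup hook is what the malicious litellm 1.82.8 used.
import re
import site
from pathlib import Path

# The exact prefix site.py's addpackage() executes.
_EXEC_LINE = re.compile(r"^import[ \t]")
# Heuristics (constructed) for code a legitimate editable-install hook would not need.
_SUSPECT = re.compile(
    r"exec\(|eval\(|subprocess|base64|decode\(|\\x[0-9a-f]{2}|urllib|socket", re.I
)


def audit_pth_text(text: str, name: str = "<pth>") -> list:
    """Return one finding per executable line in a .pth file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if _EXEC_LINE.match(line):
            findings.append({"file": name, "line": lineno, "code": line,
                             "suspicious": bool(_SUSPECT.search(line))})
    return findings


def audit_site_packages(dirs=None) -> list:
    """Scan every .pth in the given (or the interpreter's) site-packages dirs."""
    if dirs is None:
        dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    findings = []
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            try:
                findings += audit_pth_text(pth.read_text(errors="replace"), str(pth))
            except OSError:
                continue  # unreadable or vanished file; keep scanning
    return findings


if __name__ == "__main__":
    # Constructed sample showing what the audit reports (not the real payload).
    sample = "/opt/venv/lib/foo\n# comment\nimport _virtualenv\n" \
             "import base64, subprocess; exec(base64.b64decode('...'))\n"
    for f in audit_pth_text(sample, "sample.pth") + audit_site_packages():
        flag = "SUSPICIOUS" if f["suspicious"] else "executes  "
        print(f"{flag} {f['file']}:{f['line']}: {f['code'][:120]}")
```

Any executable line in a .pth file that you did not knowingly install (editable installs and virtualenv shims are the usual legitimate ones) deserves a look, whether or not the heuristic flags it.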