
LiteLLM Supply Chain Attack - Deep Dive
On March 24, 2026, attackers published backdoored versions of LiteLLM to PyPI. The malware harvested cloud credentials, SSH keys, Kubernetes tokens, and pretty much everything else it could find on the host. This is the full breakdown of how it happened, step by step.

The Scale of Impact

LiteLLM gets roughly 3.4 million downloads per day. The compromised versions (1.82.7 and 1.82.8) were live on PyPI before being detected. Any organization that:

- installed litellm for the first time during the window,
- updated litellm to the latest version during the window, or
- had a CI/CD pipeline that pulled litellm without pinning to a specific version

should assume that every credential accessible from that environment has been stolen.

The remediation guidance is severe: rotate every secret that was present on any machine where the compromised version was installed. SSH keys, cloud credentials, database passwords, API keys, Kubernetes tokens. All of it.

What is LiteLLM?

LiteLLM is an open-source Python
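The exposure conditions above (unpinned installs, or pins on one of the two named versions) lend themselves to a concrete check. The script below is an added example, not code from the article or from the LiteLLM project: it scans a requirements file for litellm lines that are unpinned (and so could have floated to a backdoored release during the window) or pinned to one of the two versions named above, and it reports whether the litellm currently installed in the environment, if any, is one of them. The sample requirements text and the hash value in it are constructed placeholders; only the two version numbers come from the write-up.

```python
import re
from importlib import metadata
from typing import List, Optional, Tuple

# Versions named in the write-up as backdoored on PyPI.
COMPROMISED_VERSIONS = {"1.82.7", "1.82.8"}

# Matches "name[extras] <op> version" at the start of a requirements line.
# "===" is listed before "==" so the alternation does not stop early.
_REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9_.-]*)"
    r"(?P<extras>\[[^\]]*\])?\s*"
    r"(?P<op>===|==|~=|>=|<=|!=|>|<)?\s*"
    r"(?P<version>[^\s;#\\]*)"
)


def normalize(name: str) -> str:
    """PEP 503 style normalization: case-insensitive, '_' and '.' fold to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def classify_line(line: str) -> Optional[str]:
    """Classify one requirements.txt line.

    Returns None for blank, comment and option lines (e.g. "-r base.txt"),
    otherwise one of: "not-litellm", "unpinned", "compromised", "pinned-other".
    "pinned-other" only means the pin is not one of the listed versions.
    """
    body = line.split("#", 1)[0].rstrip("\\").strip()
    if not body or body.startswith("-"):
        return None
    m = _REQ_RE.match(body)
    if not m or normalize(m.group("name")) != "litellm":
        return "not-litellm"
    op, version = m.group("op"), m.group("version")
    # No operator, or a range operator: pip resolves to the newest matching
    # release at install time, which during the window meant a backdoored one.
    if op not in ("==", "==="):
        return "unpinned"
    if version in COMPROMISED_VERSIONS:
        return "compromised"
    return "pinned-other"


def scan_requirements(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, line, status) for every requirement line."""
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        status = classify_line(raw)
        if status is not None:
            findings.append((n, raw.strip(), status))
    return findings


def check_installed(dist_name: str = "litellm") -> Tuple[str, Optional[str]]:
    """Look up the installed distribution in the current environment."""
    try:
        version = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return ("not-installed", None)
    if version in COMPROMISED_VERSIONS:
        return ("compromised", version)
    return ("other", version)


# Constructed sample file; the hash is a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = """\
# constructed example, not from the article
requests==2.31.0
litellm                      # no pin: floats to the newest release
litellm[proxy]>=1.80         # range: also floats
LiteLLM==1.82.8 --hash=sha256:0000placeholder
litellm==1.82.6              # some other pinned version
"""


if __name__ == "__main__":
    for n, line, status in scan_requirements(SAMPLE_REQUIREMENTS):
        if status != "not-litellm":
            print(f"line {n}: {status:13s} {line}")
    print("installed:", check_installed())
```

Run it against a real file by replacing SAMPLE_REQUIREMENTS with the file's contents; a pinned version outside the listed set is reported as "pinned-other", which says nothing about that version beyond it not being one of the two named here.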