Your `pip install` Just Stole Your SSH Keys: The LiteLLM Supply Chain Attack Explained

A single pip install litellm==1.82.8 was enough to drain everything off your machine. No suspicious imports. No weird prompts. Just a package install, and your AWS credentials, SSH keys, and API keys were already heading to an attacker's server. Here's what happened, why it's scary, and what you can actually do about it. What Happened On March 24, 2026, LiteLLM version 1.82.8 landed on PyPI with a malicious file bundled inside: litellm_init.pth . That .pth extension is why this attack is so nasty. Python automatically runs .pth files in your site-packages directory every time the Python interpreter starts . No import needed, no user interaction. The attacker hid a double base64-encoded payload inside this file. The moment Python ran, the payload ran too. What did it grab? Pretty much everything: All your environment variables ( OPENAI_API_KEY , AWS_SECRET_ACCESS_KEY , all of it) SSH private keys ( ~/.ssh/id_rsa , id_ed25519 , and more) AWS, GCP, Azure, and Kubernetes credentials Git cr