Dear de.NBI Cloud Bielefeld users,
the Python package litellm on PyPI has been confirmed as compromised with a credential-stealing payload. See https://www.heise.de/en/news/Supply-chain-attack-on-LiteLLM-Affected-parties-should-change-credentials-11224139.html. Anyone who installed litellm==1.82.7 or litellm==1.82.8 via pip has had all environment variables, SSH keys, cloud credentials, and other secrets collected and sent to an attacker-controlled server. No `import litellm` is required: the payload runs without the package ever being imported.
Note that litellm can also be pulled in as a dependency of another package. litellm containers from the official Docker repository are not affected.
Please complete the following checklist on your VMs:
Check all your Python environments for the affected versions 1.82.7 and 1.82.8 with:
    pip3 show litellm
Or search for the malicious file with:
    find / -name 'litellm_init.pth' 2>/dev/null
If you do find the malicious versions or the malicious file:
1. uninstall the package immediately,
2. notify us,
3. rotate all of your potentially compromised credentials, and
4. comment out or remove the affected public keys from all VMs that contain them, and check whether those hosts were compromised.
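Since `pip3 show litellm` only reports on the interpreter it belongs to, a VM with several virtualenvs or conda environments needs every site-packages directory checked. The following script is an added example and not part of this advisory: it combines both checks above (affected dist-info versions and the litellm_init.pth file) into one scan over a given root, returns a non-zero status when anything is found, and builds a constructed fake environment so it can be exercised offline. The scan root, the helper names and the sample tree are assumptions for illustration; on a real VM pass `/` as the root.

```shell
#!/bin/sh
# Added example, not part of the de.NBI advisory: walk every site-packages directory
# under a root (system Python, venvs and conda envs all use that layout) and report
# litellm installs at the affected versions plus any dropped litellm_init.pth file.

AFFECTED_VERSIONS="1.82.7 1.82.8"   # versions named in the advisory

# Print one line per finding: "AFFECTED <version> <METADATA path>" or "PTH_FOUND <path>".
scan_litellm() {
    root="$1"
    # pip records the installed version in litellm-<ver>.dist-info/METADATA
    find "$root" -path '*site-packages/litellm-*.dist-info/METADATA' 2>/dev/null |
    while IFS= read -r meta; do
        ver=$(sed -n 's/^Version: *//p' "$meta" | head -n 1)
        for bad in $AFFECTED_VERSIONS; do
            if [ "$ver" = "$bad" ]; then echo "AFFECTED $ver $meta"; fi
        done
    done
    # Python processes every .pth file in site-packages at interpreter start, which is
    # why the advisory stresses that no "import litellm" is needed for the payload to run.
    find "$root" -name 'litellm_init.pth' 2>/dev/null |
    while IFS= read -r pth; do echo "PTH_FOUND $pth"; done
}

# Return 0 when nothing affected was found, 1 otherwise (usable as a gate in automation).
check_vm() {
    findings=$(scan_litellm "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "clean: no affected litellm version or litellm_init.pth under $1"
}

# Constructed fake environment for offline testing (assumed layout, not a real install):
# $1 = directory, $2 = litellm version, $3 = "pth" to also drop the marker file.
make_sample_env() {
    sp="$1/venv/lib/python3.11/site-packages"
    mkdir -p "$sp/litellm-$2.dist-info"
    printf 'Name: litellm\nVersion: %s\n' "$2" > "$sp/litellm-$2.dist-info/METADATA"
    if [ "$3" = "pth" ]; then : > "$sp/litellm_init.pth"; fi
    echo "$1"
}

# Demo on the constructed tree; on a real VM run:  check_vm /
demo_root=$(mktemp -d)
make_sample_env "$demo_root" 1.82.7 pth >/dev/null
check_vm "$demo_root"
rm -rf "$demo_root"
```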
Best Regards,
de.NBI Cloud Bielefeld