Dear de.NBI Cloud Tübingen users,
The Python package litellm on PyPI has been confirmed as compromised with a credential-stealing payload. See https://www.heise.de/en/news/Supply-chain-attack-on-LiteLLM-Affected-parties-should-change-credentials-11224139.html. Anyone who installed litellm==1.82.7 or litellm==1.82.8 via pip has had all environment variables, SSH keys, cloud credentials, and other secrets collected and sent to an attacker-controlled server. Merely installing the package triggers the payload; no "import litellm" is required.
Note that litellm can also be pulled in as a dependency of another package, so check environments where you did not install it directly as well.
Please complete the following checklist on your VMs and PCs:
Check all your Python environments (every venv and conda environment, since pip3 only reports the environment it runs in) for the affected versions 1.82.7 and 1.82.8 with
pip3 show litellm
Or: search for the malicious file with
find ~ -name 'litellm_init.pth' 2>/dev/null
If you do find the malicious versions or the file:
1. uninstall the package immediately,
2. notify us,
3. rotate all of your potentially compromised credentials, and
4. comment out or remove the affected public keys from all VMs that contain them, and check whether those hosts were compromised.
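As an added example (not part of this advisory or of the de.NBI team's tooling), the following POSIX shell script scans every site-packages tree under one or more roots for the two affected litellm releases and for the dropped litellm_init.pth file, which goes further than pip3 show litellm because it is not limited to the interpreter currently on PATH. It assumes pip's usual "<name>-<version>.dist-info" directory naming; the file name litellm_init.pth and the version numbers come from the advisory above.

```shell
#!/bin/sh
# Added example: find compromised litellm installs under one or more roots.
# Assumes pip's "litellm-<version>.dist-info" naming convention.

AFFECTED_VERSIONS="1.82.7 1.82.8"   # versions named in the advisory

# is_affected_version VERSION -> exit 0 if VERSION is a compromised release
is_affected_version() {
    for v in $AFFECTED_VERSIONS; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# installed_litellm_versions ROOT -> one installed litellm version per line,
# derived from litellm-<version>.dist-info directories found under ROOT
installed_litellm_versions() {
    find "$1" -type d -name 'litellm-*.dist-info' 2>/dev/null \
        | sed -e 's#.*/litellm-##' -e 's#\.dist-info$##'
}

# scan_root ROOT -> prints findings; exit 0 if anything suspicious was found
scan_root() {
    root="$1"
    hits=0
    for ver in $(installed_litellm_versions "$root"); do
        if is_affected_version "$ver"; then
            echo "AFFECTED: litellm $ver installed under $root"
            hits=$((hits + 1))
        fi
    done
    # The .pth file is the persistence mechanism: report every copy found.
    pth_list=$(find "$root" -type f -name 'litellm_init.pth' 2>/dev/null)
    if [ -n "$pth_list" ]; then
        printf '%s\n' "$pth_list" | sed 's/^/MALICIOUS FILE: /'
        hits=$((hits + $(printf '%s\n' "$pth_list" | wc -l)))
    fi
    [ "$hits" -gt 0 ]
}

# Usage: sh scan_litellm.sh "$HOME" /opt/venvs ...  (exit 0 = findings, 1 = clean)
if [ "$#" -gt 0 ]; then
    status=1
    for root in "$@"; do
        scan_root "$root" && status=0
    done
    exit "$status"
fi
```

A clean result from this scan does not prove a host is clean: it only confirms that the two named releases and the known dropped file are absent from the trees you pointed it at.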
Best Regards, Benjamin (on behalf of the de.NBI admin team Tübingen)