
Technical Analysis: The LiteLLM Supply Chain Attack (TeamPCP)

Amit Narwal
Freelance Full Stack & AI Developer

Security Alert

A critical supply chain vulnerability was discovered in the LiteLLM ecosystem targeting cloud credentials.

The Attack Vector: Dependency Confusion

The TeamPCP threat group utilized a "Dependency Confusion" attack by publishing a malicious version of a sub-dependency to the public PyPI registry. When developers ran `pip install litellm`, the installer prioritized the malicious public version over the intended private or cached one.
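
A defender-side check for the resolution behaviour described above, added here as an example and not taken from the original article or from LiteLLM: it audits a requirements file for the conditions that let pip select a public package over the intended one (an extra index, a version that is not pinned exactly, and a missing `--hash`). The sample file, its index URL, versions and hash are constructed placeholders, and `audit_requirements` is a hypothetical helper name.

```python
import re

# Constructed sample input: the index URL, versions and hash are placeholders.
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://pypi.internal.example/simple
litellm==0.0.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
internal-helper>=0.3
requests==0.0.0
# a comment line
"""

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for raw in joined.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            yield line

def audit_requirements(text):
    """Return (subject, finding) pairs for settings that weaken index resolution."""
    findings = []
    for line in logical_lines(text):
        if line.startswith("--extra-index-url"):
            # pip has no index priority: the best version from any index wins.
            findings.append(("--extra-index-url", "extra-index"))
            continue
        if line.startswith("-"):
            continue  # other options are out of scope for this check
        name = re.split(r"[\s=<>!~;\[]", line, maxsplit=1)[0]
        pin = re.search(r"==\s*([^\s;,]+)", line)
        if not pin or "*" in pin.group(1):
            findings.append((name, "unpinned"))  # a higher public version can be selected
        if "--hash=" not in line:
            findings.append((name, "unhashed"))  # artifact contents are not verified
    return findings

if __name__ == "__main__":
    for subject, finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{finding:12} {subject}")
```

When every requirement carries a hash, pip's hash-checking mode rejects any downloaded file whose digest is not listed, whichever index served it.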

Payload & Exfiltration

The malicious payload was designed to exfiltrate **environment variables**, specifically AI API keys (OpenAI, Anthropic) and AWS credentials, to a remote command-and-control (C2) server.