About an hour ago, new versions were deployed to PyPI.

I was just setting up a new project, and things behaved weirdly. My laptop ran out of RAM; it looked like a fork bomb was running.

I've investigated, and found that a base64 encoded blob has been added to proxy_server.py.

It writes and decodes another file which it then runs.

I'm in the process of reporting this upstream, but wanted to give everyone here a heads-up.

It is also reported in this issue: https://github.com/BerriAI/litellm/issues/24512
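A heuristic check for the dropper pattern the post describes (a large base64 literal in a source file that is decoded, written to disk and run), as an added example that is not from the post or the litellm project. The two sample sources are constructed and harmless, and the 200-character literal threshold is an assumption.

```python
"""Flag Python source that embeds a big base64 literal AND decodes it AND
writes or executes something. Added example; sample inputs are constructed."""
import ast
import re

B64_RE = re.compile(r"^[A-Za-z0-9+/=\s]+$")
MIN_LITERAL_LEN = 200  # assumption: ordinary code rarely embeds blobs this long
DECODE_NAMES = {"b64decode", "decodebytes", "standard_b64decode"}
WRITE_NAMES = {"write", "write_bytes", "write_text"}
EXEC_NAMES = {"exec", "eval", "system", "Popen", "run", "call", "execv", "execvp"}


def _call_name(node: ast.Call) -> str:
    """Return the bare function/attribute name being called, or ''."""
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    if isinstance(node.func, ast.Name):
        return node.func.id
    return ""


def scan_source(src: str) -> dict:
    """Collect indicators from one Python source string."""
    found = {"blob_lines": [], "decode": False, "write": False, "exec": False}
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if len(node.value) >= MIN_LITERAL_LEN and B64_RE.match(node.value):
                found["blob_lines"].append(node.lineno)
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            found["decode"] |= name in DECODE_NAMES
            found["write"] |= name in WRITE_NAMES
            found["exec"] |= name in EXEC_NAMES
    return found


def is_suspicious(src: str) -> bool:
    """Blob + decode + (write or execute) is the combination worth a look."""
    f = scan_source(src)
    return bool(f["blob_lines"]) and f["decode"] and (f["write"] or f["exec"])


# Constructed sample mimicking the reported pattern; the blob is just "ABC" repeated.
SAMPLE = '''
import base64, subprocess
_p = "{blob}"
open("/tmp/x.py", "wb").write(base64.b64decode(_p))
subprocess.run(["python", "/tmp/x.py"])
'''.format(blob="QUJD" * 60)
BENIGN = 'import json\nCONFIG = {"timeout": 30}\nprint(json.dumps(CONFIG))\n'

if __name__ == "__main__":
    print("sample:", is_suspicious(SAMPLE), "benign:", is_suspicious(BENIGN))
```

Run it over every `.py` in a freshly installed site-packages to get a short list of files worth reading by hand; it is a triage heuristic, not proof of compromise.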

  • bfeynman 5 hours ago
    Pretty horrifying. I only use it as a lightweight wrapper and will most likely move away from it entirely. Not worth the risk.
    • dot_treo 5 hours ago
      Even just having an import statement for it is enough to trigger the malware in 1.82.8.
  • homanp 3 hours ago
    How were they compromised? Phishing?