[Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 PyPI package — credential stealer
Summary
The litellm==1.82.8 wheel on PyPI contains a malicious .pth file (litellm_init.pth, 34,628 bytes). site.py processes every .pth file in site-packages at interpreter startup and executes any line that begins with `import`, so the credential-stealing payload runs on every Python start (including pip, test runners and cron jobs) with no `import litellm` required. Only an interpreter started with `python -S` (site processing disabled) skips it.
This is a supply chain compromise. The malicious file is listed in the package's own RECORD, i.e. it was part of the build that was uploaded, not something added afterwards:
```
litellm_init.pth,sha256=ceNa7wMJnNHy1kRnNCcwJaFjWX3pORLfMh7xGL8TUjg,34628
```
Reproduction
Do this on a clean host or container, not on a machine where 1.82.8 is already installed (every interpreter start there executes the hook). The wheel is inspected with zipfile only and is never installed:
```sh
pip download litellm==1.82.8 --no-deps -d /tmp/check
python3 -c "
import zipfile, os
whl = '/tmp/check/' + [f for f in os.listdir('/tmp/check') if f.endswith('.whl')][0]
with zipfile.ZipFile(whl) as z:
    pth = [n for n in z.namelist() if n.endswith('.pth')]
    print('PTH files:', pth)
    for p in pth:
        print(z.read(p)[:300])
"
```
You will see litellm_init.pth containing:
```python
import os, subprocess, sys; subprocess.Popen([sys.executable, "-c", "import base64; exec(base64.b64decode('...'))"])
```
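The reproduction above only lists .pth files. The following is an added example, not part of this report and not litellm project code, that generalizes it into a small audit: it lists every `import`-prefixed (i.e. executable) line in the .pth files of a wheel, checks each .pth against the wheel's RECORD using the same `sha256=<urlsafe-base64>` encoding RECORD uses, and can also scan the site-packages directories the running interpreter will process at startup. The `SUSPICIOUS` token list, the function names and the in-memory sample wheel built by `build_sample_wheel()` are the example's own constructed fixtures, not the real litellm artifact; nothing in it executes the .pth contents.

```python
import base64
import hashlib
import io
import re
import site
import sys
import zipfile
from pathlib import Path

# site.py executes every line of a site-packages .pth file that begins with "import"
# at interpreter start (python -S skips this). These tokens in such a line merit a look.
# The list is this example's own heuristic, not a complete indicator set.
SUSPICIOUS = re.compile(r"\b(subprocess|base64|exec|eval|marshal|zlib|socket|urllib|requests)\b")


def record_sha256(data: bytes) -> str:
    """Digest in the exact form a wheel RECORD uses: sha256=<urlsafe base64, no '=' padding>."""
    digest = base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=")
    return "sha256=" + digest.decode()


def audit_pth_bytes(name: str, data: bytes) -> list:
    """Return one finding per executable (import-prefixed) line in a .pth file's bytes."""
    findings = []
    for lineno, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("import ", "import\t")):
            findings.append({
                "file": name,
                "line": lineno,
                "code": stripped[:160],
                "hits": sorted(set(SUSPICIOUS.findall(stripped))),
            })
    return findings


def audit_wheel(wheel) -> list:
    """Inspect a wheel (path or file object) without installing it.

    Each finding also records whether the .pth is listed in RECORD and whether
    the RECORD hash matches the bytes actually shipped in the archive."""
    findings = []
    with zipfile.ZipFile(wheel) as z:
        record = {}
        for name in z.namelist():
            if name.endswith(".dist-info/RECORD"):
                for row in z.read(name).decode().splitlines():
                    cols = row.split(",")
                    if len(cols) >= 2:
                        record[cols[0]] = cols[1]
        for name in z.namelist():
            if name.endswith(".pth"):
                data = z.read(name)
                for f in audit_pth_bytes(name, data):
                    f["in_record"] = name in record
                    f["record_hash_ok"] = record.get(name) == record_sha256(data)
                    findings.append(f)
    return findings


def audit_installed() -> list:
    """Scan every .pth the running interpreter processes at startup (system and user site-packages)."""
    findings = []
    for d in list(site.getsitepackages()) + [site.getusersitepackages()]:
        d = Path(d)
        if d.is_dir():
            for p in sorted(d.glob("*.pth")):
                findings.extend(audit_pth_bytes(str(p), p.read_bytes()))
    return findings


def build_sample_wheel() -> io.BytesIO:
    """Constructed fixture (NOT the real litellm wheel): a minimal wheel carrying a startup-hook .pth.

    The hook line is only stored as bytes and scanned; it is never executed."""
    pth = (b"/some/extra/path\n"  # an ordinary .pth line: just a sys.path entry
           b"import os, subprocess, sys; subprocess.Popen([sys.executable, '-c', 'pass'])\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("example_init.pth", pth)
        z.writestr("example-0.0.1.dist-info/METADATA", "Name: example\nVersion: 0.0.1\n")
        z.writestr("example-0.0.1.dist-info/RECORD",
                   f"example_init.pth,{record_sha256(pth)},{len(pth)}\n"
                   "example-0.0.1.dist-info/RECORD,,\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python audit_pth.py [wheel.whl]
    # Without an argument the constructed sample wheel is audited instead.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_wheel()
    print("wheel findings:", audit_wheel(target))
    print("installed findings:", audit_installed())
```

A .pth that only adds path entries produces no findings; any `import` line is reported with the tokens it matched, so a benign editable-install hook shows up too and has to be read by a human. A .pth whose RECORD hash does not match, or which is missing from RECORD, points to tampering after the build rather than a compromised build, which is a different incident shape from the one reported here.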
Malicious Behavior (full analysis)