Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer - Sonatype
Why This Matters Now On December 10, 2023, Sonatype reported a critical security incident involving the litellm package on the Python Package Index (PyPI). The malicious version of litellm was designed to steal credentials through a sophisticated multi-stage process. This became urgent because many developers unknowingly installed the compromised package, putting their systems at risk of credential theft and other malicious activities. 🚨 Security Alert: The compromised litellm package has been identified as a significant threat. Immediate action is required to prevent credential theft. 15K+Downloads Affected 24hrsTime to Respond Timeline of Events December 8, 2023 Malicious version of litellm uploaded to PyPI. ...