Post Syndicated from corbet original https://lwn.net/Articles/1064479/

This issue
report describes a credential-stealing attack buried within LiteLLM
1.82.8 in the PyPI repository. It collects and exfiltrates a wide variety
of information, including SSH keys, credentials for a number of cloud
services, crypto wallets, and so on. Anybody who has installed this
package has likely been compromised and needs to respond accordingly.