Last updated 3 weeks ago
The LiteLLM Python package, a widely used technology tool for AI model integration, was compromised in a supply chain attack targeting the PyPI repository. The TeamPCP hacking group backdoored the package to execute credential harvesting operations, claiming to have stolen data from hundreds of thousands of devices during the campaign. This represents a continuation of TeamPCP's supply chain rampage against open-source software ecosystems.
The attack involved compromising the legitimate LiteLLM package on PyPI to distribute a malicious version containing credential-stealing functionality. The backdoor was designed to harvest authentication tokens and credentials from affected systems, enabling unauthorized access to downstream services and infrastructure. TeamPCP executed this attack as part of their ongoing supply chain campaign targeting popular open-source packages.
No post-incident developments regarding regulatory actions, litigation, ransom payments, or remediation milestones were confirmed in the available information. The breach represents an ongoing threat to organizations relying on compromised open-source dependencies in their software supply chains.
Compromised PyPI package with backdoor to steal credentials and authentication tokens
TeamPCP hacking group conducted a credential theft campaign on March 19, 2026, compromising Trivy, Checkmarx, and LiteLLM tools in a coordinated supply chain attack, with LiteLLM being specifically targeted through PyPI repository compromise.
Two specific compromised versions (1.82.7 and 1.82.8) were uploaded to PyPI on March 24, containing credential-stealing malware, and the attack is attributed to the TeamPCP cybercriminal group that rose to prominence in late 2025.
This breach demonstrates critical failures in software supply chain security controls, specifically inadequate validation of package integrity and provenance in open-source repositories. Organizations using LiteLLM and similar dependencies must implement robust software composition analysis and runtime protection mechanisms to detect credential exfiltration from compromised packages. The attack highlights the need for continuous monitoring of dependency behavior rather than relying solely on static vulnerability scanning.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector
Threat Actor
Continent
Country
Industry
Attack Vector
Threat Actor