Technical description
TeamPCP hacking group planted credential-stealing malware inside LiteLLM, a widely-used open-source AI gateway library downloaded millions of times daily. The same group also poisoned Axios, KICS, and Telnyx packages. Mercor ($10B AI startup) confirmed as a victim with 4TB of data claimed by Lapsus$.
Attack vector
Malicious code injected into LiteLLM PyPI packages harvested credentials from downstream installations. Estimated 500,000 machines compromised, with over 1,000 SaaS environments confirmed affected by Mandiant.
Affected systems
Any system running compromised LiteLLM versions. Downstream customers include Anthropic, OpenAI, Meta, and thousands of enterprises using LiteLLM as an AI model routing proxy.
Mitigation
Verify LiteLLM package integrity against known-good hashes. Rotate all credentials on systems that installed LiteLLM in the affected timeframe. Audit for indicators of compromise identified by Mandiant. Pin dependencies and enable package signing verification.