TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

2026-03-24

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

TeamPCP compromised litellm Python package versions 1.82.7 and 1.82.8 by exploiting the package's use of Trivy in its CI/CD pipeline, embedding a three-stage malicious payload.

•The payload deploys a credential harvester targeting SSH keys, cloud credentials, Kubernetes secrets, cryptocurrency wallets, and .env files
•A Kubernetes lateral movement toolkit uses the service account token to enumerate cluster nodes and deploy privileged pods to each
•A persistent systemd backdoor (sysmon.service) polls checkmarx[.]zone/raw every 50 minutes for next-stage payloads, with a YouTube URL kill switch
•Version 1.82.8 added a malicious litellm_init.pth file that triggers execution on every Python process startup, not just on litellm import
•

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture