16 hours ago
LLM
PyTorch

Malicious litellm_init.pth in PyPI steals credentials

A critical security compromise has been discovered in the PyPI package litellm version 1.82.8, revealing a supply chain attack designed to steal user credentials. The malicious package contains a hidden file named litellm_init.pth that automatically executes a credential-stealing script whenever a Python interpreter starts, regardless of whether the litellm library is explicitly imported. The threat actor exploited the PyPI registry to distribute the compromised wheel package. The malicious .pth file is double base64-encoded and executes a sophisticated payload upon initialization. This payload operates in two distinct stages: information collection and exfiltration.

During the collection phase, the script systematically targets a wide array of sensitive data on the host system. This includes general system information such as hostname and IP addresses, as well as environment variables that often contain API keys and secret tokens. The attacker specifically targets SSH keys, Git credentials, and configuration files for major cloud providers including AWS, Google Cloud Platform, and Azure. The script also scans for Kubernetes secrets, Docker configurations, and various other secrets stored in standard configuration files for databases, vaults, and package managers. Furthermore, it harvests cryptocurrency wallet files, SSL private keys, CI/CD secret files, and shell history to maximize the potential data breach.

Once the data is gathered, the script enters the encryption and exfiltration stage. The collected information is written to a temporary file and encrypted using AES-256 with a randomly generated session key. This session key is then encrypted using a hardcoded 4096-bit RSA public key. The final encrypted archive is compressed and transmitted to a server controlled by the attacker via the TCP protocol.

The impact of this compromise is severe for any developer or system that installed litellm version 1.82.8 via pip. All environment variables and sensitive configuration files present on the affected machines have likely been compromised and sent to the attackers. The BerriAI organization, which maintains the litellm project, has been notified of the incident.

Immediate remediation actions are required. Users must uninstall the affected version of the package and audit their systems for the presence of the malicious litellm_init.pth file within their site-packages directory. It is critical for all users to rotate every credential, key, and token that may have been present on compromised systems, including cloud access keys, SSH keys, and database passwords.

On the platform level, PyPI administrators should yank or remove the 1.82.8 version of litellm immediately to prevent further installations. BerriAI is advised to conduct a thorough audit of their PyPI publishing credentials and CI/CD pipelines to identify the source of the compromise and secure their release process. This incident underscores the critical importance of supply chain security and the risks associated with third-party dependencies. Developers are urged to verify package integrity and consider using pinned versions or alternative sources when deploying critical infrastructure tools.
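The site-packages audit described above can be scripted. The following is an added example, not code from the article or from the litellm project: it lists every .pth file the current interpreter would process, flags the reported file name, and reports lines that Python's `site` module would execute at startup. The helper names and the `demo()` sample files are constructed for illustration.

```python
import site
import sysconfig
import tempfile
from pathlib import Path

KNOWN_BAD_NAMES = {"litellm_init.pth"}  # file name reported for litellm 1.82.8


def site_dirs():
    """Directories whose .pth files this interpreter processes at startup."""
    paths = sysconfig.get_paths()
    dirs = {paths["purelib"], paths["platlib"]}
    dirs.update(getattr(site, "getsitepackages", lambda: [])())
    dirs.add(getattr(site, "getusersitepackages", lambda: "")())
    return sorted(Path(d) for d in dirs if d and Path(d).is_dir())


def audit_pth(directory):
    """Return (path, reason, detail) findings for the .pth files in one directory."""
    findings = []
    for pth in sorted(Path(directory).glob("*.pth")):
        if pth.name in KNOWN_BAD_NAMES:
            findings.append((pth, "known-bad-name", pth.name))
        text = pth.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), 1):
            # site.py executes any line that starts with "import" followed by a
            # space or tab; other non-comment lines are only added to sys.path.
            if line.startswith(("import ", "import\t")):
                findings.append((pth, "executable-line", f"{number}: {line[:80]}"))
    return findings


def demo():
    """Run the audit over a constructed site-packages directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "paths_only.pth").write_text("../vendor\n# comment\n")
        # Constructed stand-in for the malicious file: a harmless import line.
        (root / "litellm_init.pth").write_text("import base64; x = 'constructed'\n")
        return [(p.name, reason) for p, reason, _ in audit_pth(root)]


if __name__ == "__main__":
    for d in site_dirs():
        for path, reason, detail in audit_pth(d):
            print(f"{path}: {reason}: {detail}")
```

An executable line is not malicious by itself: setuptools and editable installs ship .pth files with `import` lines, so each hit needs review. Run the script with every interpreter and virtual environment on the host, since each has its own site-packages.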
