BlockBeats News, March 25, according to SlowMist Chief Information Security Officer 23pds, the Python AI gateway library LiteLLM, which has a monthly download volume of up to 97 million times, has experienced a PyPI supply chain attack. Attackers can steal sensitive information on users’ devices through the `pip install litellm` command. The stolen sensitive data includes: SSH keys, cloud service credentials (AWS / GCP / Azure), Kubernetes configuration files, Git credentials, API keys in environment variables, shell history, cryptocurrency wallet information, and database passwords.
Blog
