Hackers sneak crypto wallet-stealing code into a popular AI tool that runs every time
Summary
Attackers compromised a maintainer account for the popular Python library LiteLLM and published malicious versions 1.82.7 and 1.82.8 to PyPI on March 24th. LiteLLM, used as a unified interface for over 100 LLM providers, is often present in credential-rich developer environments. Version 1.82.8 was particularly dangerous because it planted a .pth file that Python executes on every interpreter start, so the payload ran regardless of whether LiteLLM itself was imported; the compromised builds saw tens of thousands of downloads in under an hour.
The payload was designed to steal sensitive information, specifically targeting Bitcoin wallet files, Ethereum keystores, and Solana configuration files, including validator key pairs and authority files. Furthermore, the malware harvested SSH keys, environment variables, cloud credentials (querying AWS Secrets Manager upon finding valid keys), and Kubernetes secrets, even creating privileged pods for persistence.
The incident is linked to a wider campaign targeting developer ecosystems. While PyPI quarantined the malicious versions quickly, teams that installed the compromised builds during the window (10:39 UTC to 16:00 UTC on March 24) should treat their environments as fully compromised. Recommended remediation includes rotating all secrets, auditing for the persistence file, and adopting stricter security practices such as hermetic builds and better role separation for crypto operations.
(Source: CryptoSlate)
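The persistence mechanism the summary describes relies on a Python feature: any line in a site-packages `.pth` file that begins with `import` is executed by `site.py` at interpreter startup, so a planted file runs even if the library that shipped it is never imported. The script below is an added example for the "audit for the persistence file" step; it is not code from the CryptoSlate article or from the LiteLLM project, and it uses only the standard library. It scans the running interpreter's site-packages directories for `.pth` files that contain executable lines and reports them, and `demo_audit()` builds a constructed throwaway directory with one benign and one suspicious file so the logic can be exercised without touching a real environment. The file names and contents in the demo are constructed, not indicators from the incident.

```python
# Added example (not from the CryptoSlate summary or the LiteLLM project):
# audit site-packages for .pth files that carry executable "import" lines,
# which Python's site module exec()s at every interpreter start.
import site
import tempfile
from pathlib import Path


def executable_lines(pth_path):
    """Return (lineno, line) for every line site.py would exec() at startup.

    site.py only executes lines starting with "import " or "import\\t";
    blank lines, comments and plain path entries are never executed.
    """
    flagged = []
    with open(pth_path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            if line.startswith(("import ", "import\t")):
                flagged.append((lineno, line.rstrip("\n")))
    return flagged


def audit_pth_files(dirs):
    """Scan each directory for .pth files.

    Returns {path: [(lineno, line), ...]} for files with executable lines.
    """
    findings = {}
    for directory in dirs:
        for pth in sorted(Path(directory).glob("*.pth")):
            lines = executable_lines(pth)
            if lines:
                findings[str(pth)] = lines
    return findings


def audit_current_interpreter():
    """Audit the site-packages directories of the interpreter running this script."""
    dirs = list(site.getsitepackages())
    user_site = site.getusersitepackages()
    if user_site:
        dirs.append(user_site)
    return audit_pth_files(d for d in dirs if Path(d).is_dir())


def demo_audit():
    """Build a constructed site-packages directory and return the audit findings.

    One file is a harmless path entry; the other carries a constructed import
    line standing in for a startup hook. Neither is from the real incident.
    """
    root = Path(tempfile.mkdtemp(prefix="pth-audit-demo-"))
    # Benign: site.py merely appends this path to sys.path.
    (root / "benign-project.pth").write_text("/opt/benign-project/src\n")
    # Suspicious (constructed): an import line is executed at startup.
    (root / "suspicious-example.pth").write_text(
        "# harmless comment line\n"
        "import os; os.getcwd()  # constructed stand-in for a startup hook\n"
    )
    return {Path(p).name: lines for p, lines in audit_pth_files([root]).items()}


if __name__ == "__main__":
    results = audit_current_interpreter()
    if not results:
        print("no .pth files with executable import lines found")
    for path, lines in results.items():
        print(path)
        for lineno, line in lines:
            print(f"  {lineno}: {line}")
```

Run it inside the virtual environment that installed the suspect package, since each environment has its own site-packages. Some legitimate tooling installs import-style `.pth` hooks (editable installs and virtualenv shims, for example), so treat each finding as something to read and attribute to a known package rather than delete on sight; a hook that decodes or fetches data, or that belongs to no installed distribution, is the kind the summary's remediation step is looking for.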