TeamPCP Backdoors LiteLLM 1.82.7 & 1.82.8 — Credential Harvester Ships to 40k+ Installs
Published on MyPrivateClaw: Apr 2, 2026, 5:04 AM UTC
Coverage date: Mar 24, 2026
Last updated: Apr 4, 2026, 5:23 AM UTC
News summary
Threat actor TeamPCP published backdoored versions of the litellm PyPI package on March 24, 2026, after stealing PyPI credentials via a compromised Trivy security scanner. The malicious releases deployed a three-stage backdoor using .pth files for stealthy persistence, harvested all API keys and cloud credentials on the host, and included a Kubernetes lateral movement toolkit for cluster-wide spread. Over 40,000 downloads occurred before the packages were pulled. If you installed Hermes Agent, LangChain, or any tool with a litellm dependency before March 28, rotate all credentials immediately.
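
A defender-side check for the two things the summary describes, the affected litellm versions and .pth startup persistence, as an added example (not code from the original page or from the LiteLLM project). It relies on the documented behaviour of Python's `site` module, which executes any `.pth` line that begins with `import`; the function names and status labels are illustrative assumptions.

```python
"""Added example: audit a Python environment for the affected litellm
releases and for .pth files that execute code at interpreter startup."""
import site
import sysconfig
from importlib import metadata
from pathlib import Path

# Versions named in the page title.
AFFECTED = {"1.82.7", "1.82.8"}


def litellm_status(version):
    """Classify an installed litellm version string (None = not installed)."""
    if version is None:
        return "not-installed"
    return "affected" if version.strip() in AFFECTED else "not-listed"


def installed_litellm_version():
    """Version of litellm in this environment, or None if absent."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


def executable_pth_lines(directory):
    """Return (file name, line number, text) for every .pth line that the
    site module would exec() at startup: lines beginning with 'import'
    followed by a space or tab. All other lines are plain path entries."""
    hits = []
    for pth in sorted(Path(directory).glob("*.pth")):
        text = pth.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), start=1):
            if line.startswith(("import ", "import\t")):
                hits.append((pth.name, number, line.strip()))
    return hits


def site_dirs():
    """Existing site-packages directories for the running interpreter."""
    dirs = {sysconfig.get_paths()["purelib"], sysconfig.get_paths()["platlib"]}
    dirs.update(getattr(site, "getsitepackages", lambda: [])())
    dirs.add(site.getusersitepackages())
    return sorted(d for d in dirs if Path(d).is_dir())


if __name__ == "__main__":
    print("litellm:", litellm_status(installed_litellm_version()))
    for d in site_dirs():
        for name, number, line in executable_pth_lines(d):
            print(f"{d}/{name}:{number}: {line[:120]}")
```

Legitimate packages (editable installs, for example) also place `import` lines in `.pth` files, so each hit needs review against the package that owns it. Run the script with every interpreter and virtual environment on the host, since each has its own site-packages.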