{"id":227936,"date":"2026-03-24T15:11:00","date_gmt":"2026-03-24T19:11:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/24\/litellm-infected-with-credential-stealing-code-via-trivy-the-register\/"},"modified":"2026-03-26T17:10:18","modified_gmt":"2026-03-26T21:10:18","slug":"litellm-infected-with-credential-stealing-code-via-trivy-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/24\/litellm-infected-with-credential-stealing-code-via-trivy-the-register\/","title":{"rendered":"LiteLLM infected with credential-stealing code via Trivy \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/24\/trivy_compromise_litellm\/\">LiteLLM infected with credential-stealing code via Trivy \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/24\/trivy_compromise_litellm\/\">https:\/\/www.theregister.com\/2026\/03\/24\/trivy_compromise_litellm\/<\/a><\/p>\n<p>Publish Date: 2026-03-24 15:11:00<\/p>\n<p>Source Domain: <a href=\"https:\/\/www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.<\/p>\n<p>Specifically, LiteLLM v1.82.7 and v1.82.8 have been taken down because they contain credential-stealing code in a component file, litellm_init.pth.<\/p>\n<p>Krrish Dholakia, CEO of Berri AI, which maintains LiteLLM, said in an online post that the compromise appears to have originated from the use of Trivy in the project&#8217;s CI\/CD pipeline.<\/p>\n<p>Trivy is an open source vulnerability scanner maintained by Aqua Security that many other projects include as a security measure. 
The malware campaign began in late February, when the attackers took advantage of a misconfiguration in Trivy&#8217;s GitHub Actions environment to steal a privileged access token that allowed the manipulation of CI\/CD, according to Aqua Security.<\/p>\n<p>The software was subverted on March 19, when attackers referred to as TeamPCP used compromised credentials to publish a malicious Trivy release (v0.69.4), and again on March 22, when malicious Trivy versions v0.69.5 and v0.69.6 were published as DockerHub images.<\/p>\n<p>But Aqua Security explains that the approach taken by the attackers was more sophisticated than just uploading a new malicious version of Trivy.<\/p>\n<p>&#8220;By modifying existing version tags associated with [the GitHub Action script] trivy-action, they injected malicious code into workflows that organizations were already running,&#8221; the company said. &#8220;Because many CI\/CD pipelines rely on version tags rather than pinned commits, these pipelines continued to execute without any indication that the underlying code had changed.&#8221;<\/p>\n<p>Dholakia said that LiteLLM&#8217;s PYPI_PUBLISH token, stored in the project&#8217;s GitHub repo as an .env variable, got&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/24\/trivy_compromise_litellm\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LiteLLM infected with credential-stealing code via Trivy \u2022 The Register https:\/\/www.theregister.com\/2026\/03\/24\/trivy_compromise_litellm\/ Publish Date: 2026-03-24 
15:11:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":227937,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2015\/11\/20\/checkmate.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,32,27],"class_list":["post-227936","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227936"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=227936"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227936\/revisions"}],"predecessor-version":[{"id":227938,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227936\/revisions\/227938"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/227937"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=227936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=227936"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=227936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}