216.73.216.133

Supply Chain Attack: Malicious PyPI Packages

· Published 25/03/2026 10:38 · Modified 27/03/2026 00:08

Export JSON

Essential information

Published
25/03/2026 10:38
Modified
27/03/2026 00:08
Tags
2026-03-25 cloud security litellm pypi supply chain attack
Related entities
1 observables, 1 intrusion sets (apt), 12 techniques (mitre), 2 others

Description

TeamPCP has launched a targeting , an open-source Python library used in 36% of cloud environments. Malicious versions 1.82.7 and 1.82.8 were published on , employing sophisticated techniques for payload delivery and persistence. The compromised packages exploit Python's .pth mechanism for stealthy execution across any Python process. The malware collects sensitive data including API keys, cloud credentials, and CI/CD secrets, encrypting and exfiltrating them to attacker-controlled domains. This attack follows TeamPCP's previous compromises of Aqua Security's Trivy and Checkmarx tools, highlighting an ongoing campaign against the open-source ecosystem. The incident underscores the potential for widespread impact and the need for vigilance in software supply chain security.

External references