A serious cyberattack occurred at the Artificial Intelligence Library

Leading experts in the field of cybersecurity have announced a serious issue detected in the LiteLLM library related to the world-famous Python programming language. This was reported by Zamin.uz.

Attackers uploaded two malicious versions of this software to the PyPI package repository, turning it into a widely used tool for creating artificial intelligence programs. As a result, users' login credentials and secret keys were stolen.

The vulnerable versions 1.82.7 and 1.82.8 have been removed from the repository for now, while version 1.82.6 has been found safe and confirmed to be usable. The LiteLLM software library allows developers to connect with various artificial intelligence models through a single software interface.

Since this package is downloaded millions of times daily, the incident could pose a serious threat to servers and cloud systems worldwide. Research revealed that the malicious code was hidden inside the project files.

This virus, which activates automatically when the program starts, is even more dangerous in version 1.82.8, where a special file was added to ensure it loads every time, even if the main program is not used. The malicious software collected SSH keys from systems, tokens for cloud services, cryptocurrency wallet information, and environment variable files.

Additionally, hackers managed to move across clusters and install persistent backdoors, sending data encrypted to their own servers. This attack is believed to have been carried out by the TeamPCP hacking group.

While some sources claim nearly half a million systems were infected, these numbers have not yet been fully confirmed. Developers recommend checking their systems and removing malicious packages.