Slowmist CISO: LiteLLM Suffers PyPI Supply Chain Attack, Sensitive Information Including Crypto Wallets and Cloud Credentials at Risk of Leakage

BlockBeats News, March 25 — According to 23pds, Chief Information Security Officer of SlowFog Technology, the Python AI gateway library LiteLLM, which has a monthly download volume of up to 97 million, was targeted in a supply chain attack on PyPI. The attacker could steal sensitive information on users' devices by executing the command pip install litellm. The sensitive data that can be stolen includes SSH keys, cloud service credentials (AWS / GCP / Azure), Kubernetes configuration files, Git credentials, API keys in environment variables, shell history, cryptocurrency wallet information, and database passwords.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments