Python interface for LLMs infected with malware via polluted CI/CD pipeline
Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.
Specifically, LiteLLM v1.82.7 and v1.82.8 have been taken down because they contain credential-stealing code in a component file, litellm_init.pth.
Krrish Dholakia, CEO of Berri AI, which maintains LiteLLM, said in an online post that the compromise appears to have originated from the use of Trivy in the project's CI/CD pipeline.
Trivy is an open source vulnerability scanner maintained by Aqua Security that many other projects include as a security measure. The malware campaign began in late February, when the attackers took advantage of a misconfiguration in Trivy's GitHub Actions environment to steal a privileged access token that allowed the manipulation of CI/CD, according to Aqua Security.
...read more at theregister.com
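The malicious component named above is a .pth file, and Python's site module runs any line of a .pth file that begins with "import " when the interpreter starts, while treating every other line as a path to add to sys.path. The following audit script is an added example, not code from the article or from the LiteLLM project: it lists every .pth file in the interpreter's site-packages directories that carries such executable lines, and demo_findings() runs it over two constructed sample files (the sample contents are invented for the demo; the real file's contents are not on the page).

```python
import re
import site
import tempfile
from pathlib import Path

# site.py appends each non-blank, non-comment line of a .pth file to sys.path,
# EXCEPT lines starting with "import " or "import\t", which it executes with exec().
# That is the hook a malicious .pth abuses: it runs on every interpreter start.
EXEC_LINE = re.compile(r"^import[ \t]")


def classify_pth(text):
    """Split one .pth file's contents into (executable lines, path lines)."""
    exec_lines, path_lines = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        (exec_lines if EXEC_LINE.match(line) else path_lines).append(line)
    return exec_lines, path_lines


def audit_site_packages(dirs=None):
    """Return {pth_path: [executable lines]} for every .pth that runs code at startup."""
    if dirs is None:  # default: this interpreter's global and user site-packages
        dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    findings = {}
    for d in dirs:
        base = Path(d)
        if not base.is_dir():
            continue
        for pth in sorted(base.glob("*.pth")):
            exec_lines, _ = classify_pth(pth.read_text(errors="replace"))
            if exec_lines:
                findings[str(pth)] = exec_lines
    return findings


def demo_findings():
    """Constructed sample: a benign path-only .pth beside a .pth that executes code."""
    d = Path(tempfile.mkdtemp())
    (d / "zzz-editable.pth").write_text("/opt/myproject/src\n# editable install\n")
    # Constructed stand-in for a startup hook; the real file's contents are not on the page.
    (d / "litellm_init.pth").write_text("import sys; sys.stderr.write('hook ran')\n")
    return {Path(k).name: v for k, v in audit_site_packages([str(d)]).items()}


if __name__ == "__main__":
    for path, lines in audit_site_packages().items():
        print(path, lines)
```

Legitimate packages (editable installs, some import hooks) also ship .pth files with import lines, so each hit needs to be checked against the package that owns it rather than treated as malicious on sight.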
Well, well... shifting the blame, are we? From source:
That token of course fully automatically typed itself into one's CI. ~lol
So, if I got it right, the LiteLLM repos weren’t compromised, it was using a fake version of Trivy that caused the issue. Is that right?
No. Only the production package publication key got compromised. lol.
They didn't isolate their Continuous Deployment (CD) production system from their Continuous Integration (CI) system where they use 3rd party vendors. So they basically were sending their production keys to their vendors.
Vendors didn't fuck them, they're nice guys. But one of the vendors got compromised, by less nice guys.
Bottom line: don't store production keys on GH.