T1195.001 Compromise Software Dependencies and Development Tools
96%
“teampcp expands supply chain campaign with litellm pypi compromise a widely used python package with more than 95 million monthly downloads has been compromised with credential-stealing malware, expanding the ongoing supply chain campaign linked to the teampcp threat group. the…”
T1195.001 Compromise Software Dependencies and Development Tools
96%
“stage supply chain campaign across several developer ecosystems, including github actions, docker hub, npm, openvsx and pypi. "given the volume of stolen credentials across likely thousands of downstream environments, expect an increase in breach disclosures, follow-on intrusi…”
T1195.001 Compromise Software Dependencies and Development Tools
94%
“if the package was not actively used. malware designed for credential theft and persistence analysis by jfrog researchers showed the malware operated in three stages, beginning with a hidden payload embedded inside package files. once triggered, the malware collected sensitive in…”
T1552.001 Credentials In Files
64%
“if the package was not actively used. malware designed for credential theft and persistence analysis by jfrog researchers showed the malware operated in three stages, beginning with a hidden payload embedded inside package files. once triggered, the malware collected sensitive in…”
T1195 Supply Chain Compromise
44%
“stage supply chain campaign across several developer ecosystems, including github actions, docker hub, npm, openvsx and pypi. "given the volume of stolen credentials across likely thousands of downstream environments, expect an increase in breach disclosures, follow-on intrusi…”
T1195.002 Compromise Software Supply Chain
41%
“stage supply chain campaign across several developer ecosystems, including github actions, docker hub, npm, openvsx and pypi. "given the volume of stolen credentials across likely thousands of downstream environments, expect an increase in breach disclosures, follow-on intrusi…”
T1195.002 Compromise Software Supply Chain
40%
“if the package was not actively used. malware designed for credential theft and persistence analysis by jfrog researchers showed the malware operated in three stages, beginning with a hidden payload embedded inside package files. once triggered, the malware collected sensitive in…”
Summary
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group