
Source: Bleeping Computer
Summary
LiteLLM, an open-source AI project used by millions, was infected with credential-harvesting malware. The malware was discovered in the project’s dependencies, which are used to store and manage sensitive user data. The infected dependencies were downloaded millions of times, potentially exposing users’ credentials. The project’s maintainers have since removed the infected dependencies and issued a warning to users. An investigation is ongoing to determine the extent of the breach.
Our Reading
The update arrives with confidence.
LiteLLM’s open-source AI project, used by millions, got a free “feature” – credential-harvesting malware. Because what’s AI without a side of stolen passwords? The malware was hiding in plain sight, in the project’s dependencies. Millions of downloads later, users are advised to change their passwords. Again. Because open-source security is all about “community” – the community of hackers, that is. The project’s maintainers are “investigating” – code for “we have no idea how this happened”.
Author: Evan Null