On March 24, 2026, the PyPI account of LiteLLM, an open-source AI tool library, was compromised by the hacker group TeamPCP, which published versions v1.82.7 and v1.82.8 containing malicious code. The malicious file, litellm_init.pth, abused Python's .pth mechanism to execute automatically whenever a user started a Python process, and stole sensitive data such as SSH keys, cloud service credentials, and cryptocurrency wallets. The attackers gained release permissions by tampering with the GitHub Action of the security tool Trivy. The malicious code was double base64-encoded and used AES-256-CBC and RSA-4096 to encrypt the data it transmitted.

With 95 million monthly installations and over 40,000 GitHub stars, LiteLLM is a core piece of infrastructure in the AI development field. PyPI isolated the malicious versions three hours after their release, but a significant number of users were already affected. The maintainers confirmed that the vulnerability originated from the compromise of the Trivy tool, have withdrawn the malicious versions, and released a secure version, v1.82.6.

Affected users must immediately check their versions, remove the malicious package, clear caches, inspect persistent artifacts, and replace all credentials.
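
The version and .pth checks described above, as an added example that is not code from the original report or from the LiteLLM project. It is a read-only audit: it reports whether the installed litellm is one of the two malicious versions and lists every .pth file in site-packages containing lines that Python's site module executes at startup (lines beginning with `import`). All function names are this example's own.

```python
import site
import sysconfig
from importlib import metadata
from pathlib import Path

BAD_VERSIONS = {"1.82.7", "1.82.8"}   # malicious releases named in the report
BAD_PTH_NAME = "litellm_init.pth"     # malicious file named in the report

def executable_pth_lines(pth_file):
    """Return the lines of a .pth file that site.py would exec() at startup."""
    # site.py runs lines starting with "import " or "import<TAB>" as code;
    # any other non-comment line is only a directory appended to sys.path.
    text = Path(pth_file).read_text(encoding="utf-8", errors="replace")
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]

def scan_dirs(dirs):
    """Map each .pth file that runs code (or has the known-bad name) to its code lines."""
    findings = {}
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            code = executable_pth_lines(pth)
            if code or pth.name == BAD_PTH_NAME:
                findings[str(pth)] = code
    return findings

def is_bad_version(version):
    """True if the version string is one of the malicious releases."""
    return version.lstrip("v") in BAD_VERSIONS

def default_site_dirs():
    """site-packages directories of the interpreter running this script."""
    dirs = set(site.getsitepackages())
    dirs |= {site.getusersitepackages(), sysconfig.get_paths()["purelib"]}
    return [d for d in dirs if Path(d).is_dir()]

if __name__ == "__main__":
    try:
        v = metadata.version("litellm")
        verdict = "MALICIOUS RELEASE" if is_bad_version(v) else "not a listed version"
        print(f"litellm {v}: {verdict}")
    except metadata.PackageNotFoundError:
        print("litellm is not installed in this environment")
    for path, code in scan_dirs(default_site_dirs()).items():
        print(f"{path}: {len(code)} executable line(s)")
        for ln in code:
            print("    " + ln[:120])
```

Legitimate packages also ship .pth files with import lines (editable installs, for example), so each hit is something to read rather than a verdict. Run the script with every interpreter and virtual environment on the host, since each has its own site-packages.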
