My minute-by-minute response to the LiteLLM malware attack
Summary
The article provides a minute-by-minute account of detecting and responding to a PyPI supply chain attack involving litellm, detailing how a compromised package led to a fork bomb, persistence attempts, and credential exfiltration. It also covers malware analysis, root-cause assessment, and concrete mitigations for developers and operators.