THE Hacker News reports that in March 2026 the TeamPCP threat actor demonstrated how valuable the developer workstation has become by turning LiteLLM, a popular AI development library downloaded millions of times daily, into a credential harvesting vector.
The attack involved compromising LiteLLM package versions 1.82.7 and 1.82.8 on PyPI, injecting infostealer malware that activated when developers installed or updated the package, enabling the theft of SSH keys, cloud credentials for AWS, Azure and GCP, Docker configurations and other sensitive data from developer machines.
GitGuardian’s analysis found that 1,705 PyPI packages were configured to automatically pull the compromised LiteLLM versions as dependencies, creating a cascade where even organisations not directly using LiteLLM could be affected through transitive dependencies. The report highlights that the malware leveraged plaintext secrets residing on disk, including those in .env files and other local storage locations, reinforcing the risk to developer endpoints.
PyPI removed the malicious packages within hours of detection, but the broader impact underscores why developer machines are attractive targets for supply chain attacks.