LiteLLM Got Backdoored: Full Technical Breakdown, Incident Response, and Why Self-Hosted LLM Proxies Are a Liability

1d ago · 11 min read · On March 24, 2026, two malicious versions of LiteLLM landed on PyPI. Versions 1.82.7 and 1.82.8, published by a threat actor called TeamPCP, contained a three-stage payload that harvested SSH keys, cl