litellm.cloud

Risk Alert

Potentially Malicious

Malicious domain used for data exfiltration and C2

URLert · Security Alert

🚨 CRITICAL: Malicious Exfiltration Endpoint (Supply Chain Attack)

Risk Category: DANGER – CONFIRMED MALICIOUS / DATA EXFILTRATION

URLert.com has classified litellm.cloud as a high-risk malicious domain. This domain is currently serving as the primary command-and-control (C2) and data exfiltration endpoint for a confirmed supply chain attack targeting the popular Python library litellm. On March 24, 2026, compromised versions of the library (1.82.7 and 1.82.8) were published to PyPI, containing a malicious .pth file that executes automatically upon Python startup.

Specific Findings & Risks:

  • Confirmed Data Theft: The domain is used to receive encrypted archives containing stolen SSH private keys, AWS/GCP/Azure credentials, Kubernetes configurations, and .env files harvested from infected machines.
  • Supply Chain Compromise: This domain is not part of the legitimate litellm infrastructure. It was registered only 1 day ago (March 24, 2026) specifically to facilitate this attack.
  • Lateral Movement: The malware associated with this domain attempts to spread through Kubernetes clusters by creating privileged pods and installing persistent backdoors (sysmon.py).
  • High-Risk Infrastructure: Hosted via Ghosty Networks LLC, the domain uses a .cloud TLD and currently serves no legitimate public-facing content, consistent with a dedicated malware backend.

IMMEDIATE ACTION REQUIRED: Block all traffic to *.litellm.cloud at the firewall or DNS level. If you have installed or updated litellm on or after March 24, 2026, audit your environment for versions 1.82.7 or 1.82.8. You must assume all credentials on affected systems (SSH, Cloud APIs, Database passwords) are compromised and rotate them immediately. Check for persistence markers at ~/.config/sysmon/sysmon.py.
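The following Python audit script is an added defender-side example, not part of the URLert report or of the litellm project: it reads the installed litellm version, flags the two compromised releases named above, scans site-packages `.pth` files for executable `import` lines that match common loader tokens, and checks for the `~/.config/sysmon/sysmon.py` persistence path. The token list and the sample `.pth` text used in the checks are assumptions, not indicators taken from the report.

```python
import re
import sysconfig
from importlib import metadata
from pathlib import Path

COMPROMISED_VERSIONS = {"1.82.7", "1.82.8"}  # releases named in the alert
C2_DOMAIN = "litellm.cloud"                   # exfiltration domain named in the alert
# site.py executes any .pth line that begins with "import" at interpreter startup.
# These tokens are an assumed heuristic for loader stubs, not an IoC from the report.
LOADER_TOKENS = re.compile(r"exec\(|base64|subprocess|socket|urllib|" + re.escape(C2_DOMAIN))

def installed_litellm_version():
    """Installed litellm version string, or None if the package is absent."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None

def is_compromised_version(version):
    return version in COMPROMISED_VERSIONS

def suspicious_pth_lines(text):
    """(line_no, line) for every executable .pth line that matches LOADER_TOKENS."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("import") and LOADER_TOKENS.search(line):
            hits.append((no, line))
    return hits

def scan_site_packages(site_dir):
    """Map each *.pth under site_dir that has suspicious lines to those lines."""
    findings = {}
    for pth in sorted(Path(site_dir).glob("*.pth")):  # empty if site_dir is missing
        hits = suspicious_pth_lines(pth.read_text(errors="replace"))
        if hits:
            findings[str(pth)] = hits
    return findings

def persistence_marker_present(home):
    # Persistence path named in the alert
    return (Path(home) / ".config" / "sysmon" / "sysmon.py").is_file()

def audit(home=None, site_dir=None):
    """Run all checks against this host (or the given paths) and return the results."""
    version = installed_litellm_version()
    return {
        "litellm_version": version,
        "compromised_version": is_compromised_version(version),
        "pth_findings": scan_site_packages(site_dir or sysconfig.get_paths()["purelib"]),
        "persistence_marker": persistence_marker_present(home or Path.home()),
    }
```

Run `audit()` under each interpreter and virtual environment on the host, since every Python installation has its own site-packages and therefore its own set of `.pth` files.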

u/anonymous
about 8 hours ago edited about 8 hours ago
This URL is dangerous

URL: https://models.litellm.cloud

User Assessment: Dangerous

AI Verdict: SUSPICIOUS (60% confidence)

Analysis: This website was registered very recently and failed to load any content, which is often a sign of a temporary or deceptive setup.

Key Findings:

  • The domain is only 1 day old
  • The website failed to display any content or information
  • Uses a high-risk web address extension (.cloud)