TeamPCP LiteLLM Supply Chain Attack Persistence Indicators

Detects the creation of specific persistence files as observed in the LiteLLM PyPI supply chain attack. In March 2026, a supply chain attack by the threat actor TeamPCP was discovered that trojanized the popular open-source LLM framework LiteLLM. The malicious package harvests every credential on the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.

Sigma rule

title: TeamPCP LiteLLM Supply Chain Attack Persistence Indicators
id: 81c0b7f5-81c9-435e-a291-bc32fc2b72cd
status: experimental
description: |
    Detects the creation of specific persistence files as observed in the LiteLLM PyPI supply chain attack.
    In March 2026, a supply chain attack was discovered involving the popular open-source LLM framework LiteLLM by Threat Actor TeamPCP.
    The malicious package harvests every credential on the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.
references:
    - https://novasky.io/hunts/hunting-litellm-supply-chain
    - https://www.virustotal.com/gui/file/71e35aef03099cd1f2d6446734273025a163597de93912df321ef118bf135238/
    - https://huskyhacks.io/posts/litellm-cred-stealer/
    - https://www.wiz.io/blog/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign
author: Swachchhanda Shrawan Poudel (Nextron Systems)
date: 2026-03-30
tags:
    - attack.persistence
    - attack.privilege-escalation
    - attack.t1543.002
    - attack.initial-access
    - attack.t1195.002
    - detection.emerging-threats
logsource:
    category: file_event
    product: linux
detection:
    selection:
        Image|contains: '/python3'
        TargetFilename|endswith:
            - '/.config/sysmon/sysmon.py'
            - '/.config/systemd/user/sysmon.service'
    condition: selection
falsepositives:
    - Unknown
level: high
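To make the rule's matching semantics concrete, the following Python evaluates the `selection` block above against a handful of constructed Linux file-creation events. This is an added example, not code from the SigmaHQ project or the rule's author; it assumes Sigma's default case-insensitive string matching and event records carrying the `Image` and `TargetFilename` field names used by the rule (the shape of Sysmon for Linux FileCreate events). The sample events, timestamps and PIDs are constructed.

```python
"""Evaluate the TeamPCP LiteLLM persistence rule's selection against
constructed file_event records (example code, not from the SigmaHQ rule)."""
from typing import Iterable

# Values copied from the rule's `selection` block.
IMAGE_CONTAINS = "/python3"
TARGET_ENDSWITH = (
    "/.config/sysmon/sysmon.py",
    "/.config/systemd/user/sysmon.service",
)


def _norm(value) -> str:
    """Sigma string matching is case-insensitive unless the `cased`
    modifier is used, so compare lower-cased copies (assumption: the
    backend honours that default)."""
    return str(value or "").lower()


def matches_selection(event: dict) -> bool:
    """Return True when the event satisfies the rule's `selection`.
    The two field conditions are ANDed (keys of one selection map);
    the TargetFilename list is ORed, as Sigma defines for list values."""
    image = _norm(event.get("Image"))
    target = _norm(event.get("TargetFilename"))
    return IMAGE_CONTAINS in image and any(
        target.endswith(suffix) for suffix in TARGET_ENDSWITH
    )


def run_detection(events: Iterable[dict]) -> list:
    """Apply the rule to a stream of events and return the alerts."""
    return [e for e in events if matches_selection(e)]


# Constructed sample events in the shape of Sysmon for Linux FileCreate
# records (field names Image / TargetFilename as used by the rule).
SAMPLE_EVENTS = [
    {"UtcTime": "2026-03-28 02:14:07.113", "ProcessId": 4817,
     "Image": "/usr/bin/python3.11",
     "TargetFilename": "/home/alice/.config/sysmon/sysmon.py"},
    {"UtcTime": "2026-03-28 02:14:07.120", "ProcessId": 4817,
     "Image": "/usr/bin/python3.11",
     "TargetFilename": "/home/alice/.config/systemd/user/sysmon.service"},
    # Benign: python3 writing an unrelated file under .config
    {"UtcTime": "2026-03-28 09:00:01.000", "ProcessId": 5102,
     "Image": "/usr/bin/python3",
     "TargetFilename": "/home/alice/.config/myapp/settings.py"},
    # Not flagged: same path but written by a non-python process, since
    # the rule requires both Image and TargetFilename to match.
    {"UtcTime": "2026-03-28 09:05:44.512", "ProcessId": 5133,
     "Image": "/usr/bin/cp",
     "TargetFilename": "/home/bob/.config/systemd/user/sysmon.service"},
]

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_EVENTS):
        print(f"ALERT pid={alert['ProcessId']} {alert['Image']} "
              f"-> {alert['TargetFilename']}")
```

The fourth sample event shows the rule's coverage boundary: because `Image|contains` and `TargetFilename|endswith` sit under one selection, both must hold, so the same persistence paths created by a process other than a python3 interpreter do not trigger this rule and would need a separate, path-only rule with its own false-positive review.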
