Comment by Imustaskforhelp

24 days ago

> tried to test the LiteLLM hack but the affected packages had been pulled

Hey, I have been part of the archival effort/LiteLLM issue thread. I think I have stored them in archive.org for preservation purposes.

https://web.archive.org/web/20260325073027/https://files.pyt...

(I have also made an archive of the GitHub issue with all the comments manually till a certain point at https://web.archive.org/web/20260325054202/https://serjaimel...)

The primitive clamscan experiment worked! It detected Txt.Trojan.TeamPCP-10059839-1 from the .tar.gz archive. I'll continue testing to see if it's viable.

   # apk add clamav-scanner freshclam
   # freshclam
   # curl -LO https://web.archive.org/web/20260325073027/https://files.pythonhosted.org/packages/f6/2c/731b614e6cee0bca1e010a36fd381fba69ee836fe3cb6753ba23ef2b9601/litellm-1.82.8.tar.gz

   # clamscan litellm-1.82.8.tar.gz
   Loading:     6s, ETA:   0s [========================>]    3.63M/3.63M sigs
   Compiling:   2s, ETA:   0s [========================>]       41/41 tasks

   /root/supply-chain-scanner/pkg/litellm-1.82.8.tar.gz: Txt.Trojan.TeamPCP-10059839-1 FOUND

   ----------- SCAN SUMMARY -----------
   Known viruses: 3627757
   Engine version: 1.4.4
   Scanned directories: 0
   Scanned files: 1
   Infected files: 1
   Data scanned: 94.98 MB
   Data read: 16.59 MB (ratio 5.72:1)
   Time: 50.057 sec (0 m 50 s)
   Start Date: 2026:04:01 19:57:23
   End Date:   2026:04:01 19:58:13

Thanks for highlighting that. I will take a look and see if there's a similar archive for the other vulnerabilities as well.

If I can make it work with clamscan & MS Defender, I'll run a scan and try to report back.

  • Glad to see that the clamscan experiment worked. Keep me updated on the continued testing, and I am glad that my archival efforts are appreciated :)

    • Absolutely massive help. I love the HN community, and thanks. If you do see an archive of axios or other compromised artifacts, please send those my way for continued testing. I'm going to test automation and see if this actually has utility.
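The automation idea raised in the thread, sketched as an added example that is not code from any commenter: a POSIX shell gate that runs clamscan over downloaded package archives, extracts each detection from its output, and fails closed on scanner errors. The function names and the sample output are constructed for illustration; the exit codes (0 clean, 1 detection, 2 error) and the `--no-summary` and `--stdout` options are clamscan's own.

```shell
#!/bin/sh
# Added example (hypothetical helper names): gate package archives on clamscan.

# Constructed sample, modelled on the clamscan output quoted in the thread.
SAMPLE_OUTPUT='/root/supply-chain-scanner/pkg/litellm-1.82.8.tar.gz: Txt.Trojan.TeamPCP-10059839-1 FOUND
/root/supply-chain-scanner/pkg/example-0.0.1.tar.gz: OK

----------- SCAN SUMMARY -----------
Infected files: 1'

# Read clamscan output on stdin; print "path<TAB>signature" for each detection.
# The last ": " on the line is the separator, so paths containing ": " survive.
parse_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        n = match($0, /: [^ ]+$/)
        if (n) printf "%s\t%s\n", substr($0, 1, n - 1), substr($0, n + 2)
    }'
}

# Map a clamscan exit status to a verdict. Anything other than 0 or 1
# (for example 2, a scanner error) is "error", never "clean".
verdict_from_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan the given archives; list detections and return 0 only on a clean verdict.
scan_artifacts() {
    command -v clamscan >/dev/null 2>&1 || { echo "clamscan not installed" >&2; return 2; }
    status=0
    out=$(clamscan --no-summary --stdout "$@") || status=$?
    printf '%s\n' "$out" | parse_detections
    verdict=$(verdict_from_status "$status")
    echo "verdict: $verdict" >&2
    [ "$verdict" = clean ]
}

# Run as: sh scan.sh pkg/*.tar.gz
if [ "$#" -gt 0 ]; then
    scan_artifacts "$@"
fi
```

Treating every status other than 0 as a failure keeps a missing or broken signature database from being read as a clean result.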