When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Mercor says it is "one of thousands of companies" hit by the recent LiteLLM attack

The LiteLLM attack, one of the largest supply chain attacks in the AI industry, affected Mercor, whose data was stolen and posted on dark web forums.
System hacked on a blue screen
Image via DepositPhotos.com

A couple of days ago, a group of hackers known as TeamPCP pulled off a ballsy supply chain attack against a core piece of AI infrastructure. They targeted LiteLLM, a super popular open-source API gateway that lets developers talk to over 100 different Large Language Models like OpenAI and Anthropic.

The hackers got in by first compromising the Trivy vulnerability scanner through a misconfigured GitHub Actions workflow. With access, they snatched the PyPI publishing token for LiteLLM and pushed two malicious versions, 1.82.7 and 1.82.8, directly to the public registry. Once infected, the malware would automatically run and steal SSH keys, .env files, cloud provider credentials, cryptocurrency wallets, and AI API keys.

Now, Mercor, an AI recruiting and training-data startup, has confirmed it was "one of thousands of companies" hit by the attack. In a statement to TechCrunch, Mercor spokesperson Heidi Hagberg said:

We are conducting a thorough investigation supported by leading third-party forensics experts. We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.

The attackers were only caught because of a small bug in their code that caused a massive memory leak. Callum McMahon, an engineer at FutureSearch, who was testing an AI plugin that happened to use LiteLLM, noticed his machine kept crashing. He traced the problem back to a malicious file that was recursively spawning new processes, accidentally creating a "fork bomb" that exhausted all the system's RAM.

If you think you have been infected, the first (obvious) step is to rotate all keys and secrets. After that, you need to upgrade LiteLLM. The last safe pre-attack version is 1.82.6, and the first patched post-attack version is 1.83.0.

It seems there has been an increase in security incidents affecting developer tools. Shortly after the LiteLLM attack, the popular JavaScript library Axios was also compromised on NPM. In that case, hackers stole the credentials of a lead maintainer, changed the account email to an anonymous ProtonMail address, and published two poisoned versions. The malware even tries to be clever about it, self-destructing its own malicious scripts after execution and replacing its package.json with a decoy to hide its tracks.

Whoop
Next Article

Google apparently working on a screenless fitness band, to compete with Whoop

Google Account Email
Previous Article

Google is finally letting you change your Gmail address

0 Comments

Load the comments and join the conversation!

Read the comments, ask the editors questions, show respect and join the conversation.

Click here