This issue report describes a credential-stealing attack buried within LiteLLM 1.82.8 in the PyPI repository. It collects and exfiltrates a wide variety of information, including SSH keys, credentials for a number of cloud services, crypto wallets, and so on. Anybody who has installed this package has likely been compromised and needs to respond accordingly.

Update: see this futuresearch article for some more information. "The release contains a malicious .pth file (litellm_init.pth) that executes automatically on every Python process startup when litellm is installed in the environment."