# PyPI package stole AWS, SSH, and crypto keys before it was even imported

- slug: pypi-package-stole-aws-ssh-and-crypto-keys-before-it-was-even-imported
- date: 2026-03-24
- category: Artificial Intelligence

A malicious version of litellm, a popular Python library for managing large language model API calls, was published to the Python Package Index overnight and quarantined within hours, but the compromise highlights a particularly insidious feature of the Python packaging ecosystem that made the at...

---