Scan your entire system for traces of the compromised litellm Python package.
Built in response to the TeamPCP supply chain attack (March 24, 2026) where versions 1.82.7 and 1.82.8 were published to PyPI with a backdoor that harvests credentials, establishes persistence, and exfiltrates data to a C2 server.
Reference: https://snyk.io/articles/poisoned-security-scanner-backdooring-litellm/