The PyPI package litellm version 1.82.8 has been compromised with a malicious .pth file that steals credentials and sensitive data. The malware is triggered automatically when the Python interpreter starts, without requiring an import statement. The compromised package affects local development machines, CI/CD pipelines, Docker containers, and production servers. Users are advised to check for the malicious file, rotate credentials, and audit their PyPI publishing credentials and CI/CD pipeline for compromise.