Rather than droning on about this, here's a prompt you can give to your favorite AI to give you all the details you need. You need a prompt that forces the AI to act as a security auditor rather than just a general assistant. Since this involves a supply chain attack with persistence (the `.pth` file trick), the prompt should focus on **detection**, **scope**, and **remediation**.
Here is a high-value prompt you can use:
---
### **The "LiteLLM Incident Audit" Prompt**
> "Act as a Senior Cybersecurity Incident Responder. I am concerned about the March 2026 TeamPCP supply chain attack on the `litellm` PyPI package (specifically versions 1.82.7 and 1.82.8).
>
> 1. **Explain the Persistence Mechanism:** How does the malicious `litellm_init.pth` file allow code to execute automatically even after the package is uninstalled?
> 2. **Audit My Environment:** Give me a step-by-step checklist to scan my Linux and Windows systems for this specific malware, including file paths for `.pth` files, suspicious systemd services, and scheduled tasks.
> 3. **Blast Radius:** List every type of credential this malware is known to exfiltrate (SSH, Cloud, Crypto, etc.) and explain why rotating API keys is mandatory even if the malware is deleted.
> 4. **Remediation:** If I find an infection, what are the 'scorched earth' steps I must take to ensure my development environment is truly clean?"
---
### **Why this prompt works:**
* **Targets the Specific Versions:** It prevents the AI from giving generic advice about old vulnerabilities.
* **Focuses on "Invisible" Execution:** Most users don't realize that Python `.pth` files are a massive security back door that executes code on startup.
* **Demands a Checklist:** It moves the conversation from "What is this?" to "How do I fix this right now?"