
Cybersecurity Headlines: Torg Grabber targets crypto, TeamPCP backdoors LiteLLM, GitHub AI bug detection
Mar 26, 2026
A rundown of Torg Grabber's campaign against over 700 crypto wallets and its evasion and exfiltration tactics. A supply-chain sabotage that backdoored LiteLLM Python packages via a tainted dependency. Deep dives on payload behavior: stealing keys and secrets, and spreading through Kubernetes. GitHub's new AI-powered security scanner and its autofix and detection results.
Torg Grabber Mass Targets Crypto Wallets
- Torg Grabber targets browser extensions and crypto wallets at scale to harvest credentials and wallet data.
- Gen Digital found that it infects victims via ClickFix PowerShell tricks and uses Cloudflare HTTPS exfiltration, in-memory execution, and anti-analysis evasion.
Supply Chain Backdoor Compromises LiteLLM
- TeamPCP tainted a Python dependency to backdoor LiteLLM packages and automatically execute payloads in victims' environments.
- Researchers at Endor Labs and JFrog say the malware harvests SSH keys, cloud secrets, and crypto wallets, spreads across Kubernetes, and installs persistent backdoors.
Rotate Credentials After Package Compromise
- Treat affected environments as fully compromised and rotate all credentials immediately.
- Maintainers and the Python Packaging Authority warn users to assume compromise after the tainted Trivy dependency was discovered.
