March 26, 2026
Fork bomb or false alarm?
My minute-by-minute response to the LiteLLM malware attack
Live chat with an AI, 11k ghost apps, and a hero claim — commenters cheer, nitpick, and feud
TLDR: A developer shared a live chat with an AI as he unraveled a booby‑trapped software update and an 11k‑process panic. Commenters split between praising the quick disclosure, demanding real‑time alerts from app stores, and arguing that everyone should "write native" instead—proof that AI is both hero and suspect.
Grab your popcorn: a developer dropped a minute‑by‑minute chat with an AI assistant showing how he traced a suspected LiteLLM software supply‑chain attack in real time. He describes his laptop melting under an "11k‑process stampede" and eerie lines like exec(base64...), then walks Claude Code through the chaos to a calm, methodical cleanup. The twist? The AI suggests the storm looked more like a runaway script spawning endless mini‑apps than a sneaky implant, though the wider LiteLLM package incident still had everyone on edge. By posting the raw transcript, the dev turned a private panic into a public play‑by‑play, and the crowd went wild.
Top comment drama came fast: user Fibonar planted a flag—"I was first to spot and report it"—drawing hero emojis and side‑eye. Cedws pushed for a "firehose" of live alerts from code stores like GitHub and PyPI so scanners can catch bad updates. Then dmitrygr tossed a grenade: "write native" (plain C), claiming libc, the core C library, has never had a supply‑chain hit—cue pushback. Meanwhile, toolmaker simonw’s claude-code-transcripts got a proud cameo, and memes rolled in: "fork bomb Friday," "htop bingo," and a salute from moralestapia. Verdict: AI is now first responder—and also the new suspect.
Key Points
- The article shares a Claude Code transcript documenting discovery and response to a LiteLLM 1.82.8 supply-chain attack on March 24, 2026.
- The investigation began with a frozen laptop and an htop view showing ~11k processes running exec(base64.b64decode(...)).
- Process forensics identified normal Claude Code MCP bridges, a uv run chain from zsh, and orphaned python -c processes reparented to launchd.
- The exec(base64...) pattern was deemed a common, non-malicious mechanism for python -c; the likely cause was a runaway spawning loop from a Claude Code tool/agent or a uv script.
- No persistence mechanisms were found; recommended mitigations included checking for looping agents, using killall python3.13 if needed, and setting ulimit -u 2048.
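
The parent-chain triage summarized in the key points, as an added example (not code from the transcript or from LiteLLM): it groups `python -c exec(base64.b64decode(...))` processes by parent to separate a live spawner from orphans reparented to PID 1. The `ps` output, PIDs and script names are constructed, and `parse_ps`, `ancestry` and `triage` are hypothetical helpers.

```python
import re
from collections import Counter

# Constructed sample of `ps -axo pid,ppid,command` output (not from the incident).
SAMPLE_PS = """\
  PID  PPID COMMAND
    1     0 /sbin/launchd
  410     1 -zsh
  522   410 uv run agent.py
  530   522 python3.13 agent.py
  601   530 python3.13 -c exec(base64.b64decode('<elided>'))
  602   530 python3.13 -c exec(base64.b64decode('<elided>'))
  603     1 python3.13 -c exec(base64.b64decode('<elided>'))
  604     1 python3.13 -c exec(base64.b64decode('<elided>'))
  605     1 python3.13 -c exec(base64.b64decode('<elided>'))
  700   410 node mcp-bridge.js
"""

# The command-line shape reported in htop; matching it says nothing about intent.
PATTERN = re.compile(r"python\S*\s+-c\s+exec\(base64\.b64decode\(")

def parse_ps(text):
    """Map pid -> (ppid, command), skipping the header and malformed rows."""
    procs = {}
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            procs[int(parts[0])] = (int(parts[1]), parts[2])
    return procs

def ancestry(procs, pid):
    """Commands from pid up to the root, guarding against ppid cycles."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        ppid, cmd = procs[pid]
        chain.append(cmd)
        pid = ppid
    return chain

def triage(text, threshold=2):
    procs = parse_ps(text)
    hits = {pid: ppid for pid, (ppid, cmd) in procs.items() if PATTERN.search(cmd)}
    # Orphans: parent already exited, so the kernel reparented them to PID 1.
    orphans = sorted(pid for pid, ppid in hits.items() if ppid == 1)
    # Live spawners: one parent holding many matching children.
    counts = Counter(ppid for ppid in hits.values() if ppid != 1)
    spawners = {p: ancestry(procs, p) for p, n in counts.items() if n >= threshold}
    return {"total": len(hits), "orphans": orphans, "spawners": spawners}
```
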