{"id":"MAL-2026-10163","summary":"Malicious code in llama-tokenizer (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (b22305b1026f27be6d5b78dc19f7db7a05cc9d1818b7ebc7cda0fce92431aa02)\nThis package typosquats llama-tokenizer-js. On require, index.js reconstructs a host and URL path from String.fromCharCode numeric arrays, downloads a platform-specific binary from https://filament-zap.vercel.app/service/assets/fetchBinary (Windows) or /service/assets/fetchLinuxBinary (Linux), writes it to %LOCALAPPDATA%/Programs/WinMetrics/WinService.exe on Windows or ~/.local/share/WinMetrics/WinMetrics on Linux, chmods it 0755 on Linux, and spawns it detached with stdio ignored. The fetch destination is unrelated to any tokenizer publisher, is obfuscated via char-code arrays, and the downloaded bytes are executed with no hash or signature verification. index.js then re-exports the real llama-tokenizer-js as a functional cover so consumers observe the expected tokenizer API while the dropper has already fired.\n","modified":"2026-07-10T18:16:49.951016844Z","published":"2026-07-10T17:50:28Z","database_specific":{"malicious-packages-origins":[{"source":"amazon-inspector","versions":["1.2.2"],"import_time":"2026-07-10T18:05:59.686576007Z","sha256":"b22305b1026f27be6d5b78dc19f7db7a05cc9d1818b7ebc7cda0fce92431aa02","id":"IN-MAL-2026-009690","modified_time":"2026-07-10T17:50:28Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/llama-tokenizer/v/1.2.2"}],"affected":[{"package":{"name":"llama-tokenizer","ecosystem":"npm","purl":"pkg:npm/llama-tokenizer"},"versions":["1.2.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/llama-tokenizer/MAL-2026-10163.json","cwes":[{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."}],"indicators":{"package_integrity":[{"hashes":{"sha512_sri":"sha512-JAAU1Pk18MDt5atGmLq8wKGSkiPx3vT6X8tfu/L7iK1b9fHsklrEW2I+IZOst/TCMY7RiybHTIpCsmTeoq7ClQ==","sha1":"e06cd5992431a41543c12c138a0447f365d59ecc"},"filename":"llama-tokenizer-1.2.2.tgz"}],"evidence_files":[{"sha256":"914f69aba38d297e899de806f15abc5f6110cadd0bae2d0f4414b70135faca71","tlsh":"7451219331e1606c0b3bd4ee1a0b9526955a8a02335de4d0fb9c8e586fc26a4b5b16cc","path":"index.js"},{"sha256":"e9fd9a359ca9ff8ab43fddbbb874b7b61b9d2e100d80bf337793f4ec7f8415ad","tlsh":"16d0a9988466252300c4bf98a8720e429a820f3b90487c08038be028dcd83ef0dff30e","path":"package.json"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}