{"id":"MAL-2026-5770","summary":"Malicious code in llmgenerator (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (06e55ac2d3368516d538c8efaad2b83814dbb61813f36ab5655f77677ca0d6be)\nOn `pip install`, setup.py performs an HTTP GET to https://pastebin.com/raw/yBcUM1QB, takes the first line of the response body, and passes it to `os.system(f'cmd /c \"{cmd_pastebin}\"')`. The fetched content is mutable, anonymous, and unauthenticated — the author can change what runs on every installer's machine at any time without republishing the package. The package ships no functional Python code (src/ contains only an empty.egg-info directory), confirming the package exists solely as a vehicle for the install-time dropper. The package name impersonates an LLM-tooling brand to attract installs. Installing this package grants arbitrary shell execution on the installer's Windows machine.\n\n## Source: kam193 (1948e85cdc950b3661b64655a2c0cc73708ecf6e409d19a77089e4089864411a)\nDuring installation, the code attempts to download and start a malicious executable.\n\nLikely related to 2025-08-raknet-testing-package.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-easyaillm\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - obfuscation\n\n\n - malware\n","modified":"2026-06-16T10:30:58.173103939Z","published":"2026-06-14T11:41:32Z","database_specific":{"iocs":{"domains":["fixars.top"],"urls":["https://pastebin.com/raw/hEF5HaFc","https://pastebin.com/raw/yBcUM1QBs","https://pastebin.com/raw/yBcUM1QB","http://fixars.top"]},"malicious-packages-origins":[{"sha256":"1948e85cdc950b3661b64655a2c0cc73708ecf6e409d19a77089e4089864411a","import_time":"2026-06-14T12:46:06.091798672Z","versions":["2.21"],"modified_time":"2026-06-14T11:41:32.817123Z","id":"pypi/2026-06-easyaillm/llmgenerator","source":"kam193"},{"modified_time":"2026-06-15T19:56:02Z","import_time":"2026-06-15T20:14:28.584995865Z","versions":["2.21"],"sha256":"06e55ac2d3368516d538c8efaad2b83814dbb61813f36ab5655f77677ca0d6be","id":"IN-MAL-2026-006694","source":"amazon-inspector"},{"modified_time":"2026-06-14T11:41:32.817123Z","import_time":"2026-06-15T22:45:32.263741203Z","versions":["2.21"],"sha256":"73050507e6d65ae0abcb9a0920fb9c13a31a0b8f776410020a35f11c0f332902","id":"pypi/2026-06-easyaillm/llmgenerator","source":"kam193"},{"sha256":"1039ac9ddb2b38917ea420c8b0c0e83dcf085cb1a49c37cd47745888ac3fb6cc","import_time":"2026-06-16T10:17:17.177207554Z","versions":["2.21"],"modified_time":"2026-06-14T11:41:32.817123Z","id":"pypi/2026-06-easyaillm/llmgenerator","source":"kam193"}]},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/1a5beab4a6facb46b4afc5f8526e1327e6c7d740ccaf34c6a921ac18eff29427/detection"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/4c99c8edfc4444f46932f14afccb2952a3850df765765f9ac793d69f318c192f/detection"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/0649f50ead3695f41c1243883200bdb775410bcd8c8fb88277740a625a154e25"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/llmgenerator"},{"type":"PACKAGE","url":"https://pypi.org/project/LLMGenerator/2.21/"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/926e8f1a7f349ff1eef31f89fa8ffe265c30b92e310e8bea19962d38f8c32129"}],"affected":[{"package":{"name":"llmgenerator","ecosystem":"PyPI","purl":"pkg:pypi/llmgenerator"},"versions":["2.21"],"database_specific":{"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"package_integrity":[{"filename":"llmgenerator-2.21.tar.gz","hashes":{"md5":"08a631e3a12f8a0c06e9a0a7513e4536","sha256":"3a391a4ba29f252da356577123f4665e8a5f2ef5f1e9ca7319d25cb34a7addb0","blake2b_256":"488aee7b57ef2f81a0c7a90c4329173c0b88b72b9a39e1c02fd040ba69021887"}}],"evidence_files":[{"tlsh":"13116713cdc77ca562b2814059267820f9219b675752d447743c436d7f746e0caf28bc","path":"setup.py","sha256":"e6812e67bb45af40ebe2545a37f161f422bb23319d2ead155be69a32a50fbc9d"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/llmgenerator/MAL-2026-5770.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}