MAL-2026-10163
Malicious code in llama-tokenizer (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (b22305b1026f27be6d5b78dc19f7db7a05cc9d1818b7ebc7cda0fce92431aa02) This package typosquats llama-tokenizer-js. On require, index.js reconstructs a host and URL path from String.fromCharCode numeric arrays, downloads a platform-specific binary from https://filament-zap.vercel.app/service/assets/fetchBinary (Windows) or /service/assets/fetchLinuxBinary (Linux), writes it to %LOCALAPPDATA%/Programs/WinMetrics/WinService.exe on Windows or ~/.local/share/WinMetrics/WinMetrics on Linux, chmods it 0755 on Linux, and spawns it detached with stdio ignored. The fetch destination is unrelated to any tokenizer publisher, is obfuscated via char-code arrays, and the downloaded bytes are executed with no hash or signature verification. index.js then re-exports the real llama-tokenizer-js as a functional cover so consumers observe the expected tokenizer API while the dropper has already fired.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for llama-tokenizer (npm). Pin to a known-safe version or switch to an alternative.