Supply-chain threat intelligence

Incident detail

criticalnpm·typosquatting·osv

Malicious code in llama-tokenizer (npm)

llama-tokenizer

Risk score

92

AI summary

Indexed incident for llama-tokenizer (npm).

Description

This package typosquats llama-tokenizer-js. On require, index.js reconstructs a host and URL path from String.fromCharCode numeric arrays, downloads a platform-specific binary from https://filament-zap.vercel.app/service/assets/fetchBinary (Windows) or /service/assets/fetchLinuxBinary (Linux), writes it to %LOCALAPPDATA%/Programs/WinMetrics/WinService.exe on Windows or ~/.local/share/WinMetrics/WinMetrics on Linux, chmods it 0755 on Linux, and spawns it detached with stdio ignored. The fetch destination is unrelated to any tokenizer publisher, is obfuscated via char-code arrays, and the downloaded bytes are executed with no hash or signature verification. index.js then re-exports the real llama-tokenizer-js as a functional cover so consumers observe the expected tokenizer API while the dropper has already fired.

Technical details

Affected versions

=1.2.2

Indicators

  • affected version=1.2.275%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents