VDB
GCVE-110-OSM-2024-159
GCVE-110-OSM-2024-159
Advisory PublishedCVSS 9.6/10
Malicious Go module 'github.com/mprogrammer2020/snipper-bot-uniswap' compromised in the PolinRider DPRK-linked supply-chain campaign (Socket threat research). The artifact was published with the campaign's obfuscated loader that fetches and executes a blockchain-hosted second-stage infostealer payload.
Part of the PolinRider (DPRK-linked; Contagious Interview / Famous Chollima) supply-chain campaign tracked by Socket.
Behavior: obfuscated JavaScript loader planted in the compromised artifact; retrieves an encrypted second-stage payload from blockchain RPC infrastructure (TRON, Aptos, BNB Smart Chain), decrypts it with embedded XOR keys, and executes it via eval() for remote code execution and persistence via detached processes.
Follow-on payloads: DEV#POPPER, OmniStealer, InvisibleFerret — credential theft, browser-data theft, crypto-wallet exfiltration, keylogging.
Propagation: temp_auto_push.bat rewrites git commit history and force-pushes malicious changes to spread across downstream repositories.
Code signatures: rmcej%otb% (original) / Cot%3t=shtP (new) markers; decoder functions _$_1e42 / MDy.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | github.com/mprogrammer2020/snipper-bot-uniswap | v0.0.0-20240321075156-da0461f0b224 (affected) | — |
Browse GCVE Records
71,925 records in the GCVE database · Updated July 13, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.