VDB

GCVE-110-OSM-2024-159

GCVE-110-OSM-2024-159
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published March 21, 2024
Malicious Go module 'github.com/mprogrammer2020/snipper-bot-uniswap' compromised in the PolinRider DPRK-linked supply-chain campaign (Socket threat research). The artifact was published with the campaign's obfuscated loader that fetches and executes a blockchain-hosted second-stage infostealer payload. Part of the PolinRider (DPRK-linked; Contagious Interview / Famous Chollima) supply-chain campaign tracked by Socket. Behavior: obfuscated JavaScript loader planted in the compromised artifact; retrieves an encrypted second-stage payload from blockchain RPC infrastructure (TRON, Aptos, BNB Smart Chain), decrypts it with embedded XOR keys, and executes it via eval() for remote code execution and persistence via detached processes. Follow-on payloads: DEV#POPPER, OmniStealer, InvisibleFerret — credential theft, browser-data theft, crypto-wallet exfiltration, keylogging. Propagation: temp_auto_push.bat rewrites git commit history and force-pushes malicious changes to spread across downstream repositories. Code signatures: rmcej%otb% (original) / Cot%3t=shtP (new) markers; decoder functions _$_1e42 / MDy.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowngithub.com/mprogrammer2020/snipper-bot-uniswapv0.0.0-20240321075156-da0461f0b224 (affected)

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›