VDB

GCVE-110-OSM-2025-358

GCVE-110-OSM-2025-358
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published November 18, 2025
Malicious npm package 'vite-plugin-tailwind-purge' attributed to North Korea's Contagious Interview campaign (Socket). The package delivers a DPRK infostealer (BeaverTail/InvisibleFerret) that steals developer credentials and cryptocurrency wallets. Part of North Korea's Contagious Interview campaign (Famous Chollima / DPRK-linked), tracked by Socket. Delivery: malicious package posing as a legitimate library, pushed to targeted developers during fake job-interview coding assessments (or via typosquatting of popular packages). Behavior: install-time and/or runtime loader retrieves and executes follow-on infostealer payloads (BeaverTail / InvisibleFerret family), harvesting developer credentials, browser data, keychains, and cryptocurrency wallets, and establishing a backdoor for remote access. Objective: credential theft and cryptocurrency exfiltration.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownvite-plugin-tailwind-purge0.3.8 (affected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›