VDB

GCVE-110-OSM-2026-1077

GCVE-110-OSM-2026-1077
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published March 27, 2026
Compromised GitHub Action used in Trivy security scanner CI/CD pipelines (CVE-2026-33634, CVSS 9.4). Malicious commit e0198fd2b6e1679e36d32933941182d9afa82f6f injected a three-stage payload that harvests environment variables, scrapes process memory for secrets (targeting Runner.Worker via /proc/PID/mem), and performs filesystem credential sweeping across 100+ file paths. Exfiltrates encrypted bundles to C2 via AES-256-CBC with RSA-wrapped session key; falls back to creating a public tpcp-docs GitHub repository as alternate exfil channel. Initial compromise on March 19, 2026 cascaded to npm (CanisterWorm), Checkmarx GitHub Actions, OpenVSX extensions, LiteLLM PyPI, and Telnyx PyPI. === PAYLOAD 1: Environment & Memory Harvester === Malicious payload found in: trivy-action (GitHub Action) Malicious commit: e0198fd2b6e1679e36d32933941182d9afa82f6f Behavior: Reads /proc/PID/environ for environment variables. Scans /proc/PID/mem of Runner.Worker process, pattern-matching for {"value":"<secret>","isSecret":true} structures. === PAYLOAD 2: Filesystem Credential Sweep === Behavior: Searches 100+ file paths across 6 directory levels for SSH keys, cloud configs, Kubernetes manifests, Docker credentials, .env files, Terraform state, shell history, database configs, TLS keys, and crypto wallets. === PAYLOAD 3: Persistence Dropper (sysmon.py) === Malicious payload found in: ~/.config/systemd/user/sysmon.py C2 URL: https://tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io/ Download path: /tmp/pglog State file: /tmp/.pg_state Behavior: Creates systemd user service for persistence. Polls blockchain-hosted C2 every 50 minutes, downloads and executes second-stage payloads. Filters out YouTube URLs. === EXFILTRATION === Primary C2: scan.aquasecurtiy[.]org (typosquat) Fallback: Creates public GitHub repo tpcp-docs Encryption: AES-256-CBC, session key wrapped with hardcoded 4096-bit RSA public key === FILE HASHES (SHA256) === Trivy Action: 18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a Trivy Binary (Linux 64-bit): 822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0 Trivy Binary (macOS ARM64): 6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538 Trivy Binary (Windows 64-bit): 0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349 === ATTACKER IPs === 209.159.147.239 (Interserver VPS NYC - TruffleHog, MinIO, open directory) 170.62.100.245 (Boto3 on Kali Linux - cloud enumeration + S3 scanning) 154.47.29.12 (Botocore on Windows 11 - org recon) 103.75.11.59 (AWS SDK Go on macOS ARM - re-check operations)

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›