VDB
GCVE-110-OSM-2026-1077
GCVE-110-OSM-2026-1077
Advisory PublishedCVSS 9.6/10
Compromised GitHub Action used in Trivy security scanner CI/CD pipelines (CVE-2026-33634, CVSS 9.4). Malicious commit e0198fd2b6e1679e36d32933941182d9afa82f6f injected a three-stage payload that harvests environment variables, scrapes process memory for secrets (targeting Runner.Worker via /proc/PID/mem), and performs filesystem credential sweeping across 100+ file paths. Exfiltrates encrypted bundles to C2 via AES-256-CBC with RSA-wrapped session key; falls back to creating a public tpcp-docs GitHub repository as alternate exfil channel. Initial compromise on March 19, 2026 cascaded to npm (CanisterWorm), Checkmarx GitHub Actions, OpenVSX extensions, LiteLLM PyPI, and Telnyx PyPI.
=== PAYLOAD 1: Environment & Memory Harvester ===
Malicious payload found in: trivy-action (GitHub Action)
Malicious commit: e0198fd2b6e1679e36d32933941182d9afa82f6f
Behavior: Reads /proc/PID/environ for environment variables. Scans /proc/PID/mem of Runner.Worker process, pattern-matching for {"value":"<secret>","isSecret":true} structures.
=== PAYLOAD 2: Filesystem Credential Sweep ===
Behavior: Searches 100+ file paths across 6 directory levels for SSH keys, cloud configs, Kubernetes manifests, Docker credentials, .env files, Terraform state, shell history, database configs, TLS keys, and crypto wallets.
=== PAYLOAD 3: Persistence Dropper (sysmon.py) ===
Malicious payload found in: ~/.config/systemd/user/sysmon.py
C2 URL: https://tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io/
Download path: /tmp/pglog
State file: /tmp/.pg_state
Behavior: Creates systemd user service for persistence. Polls blockchain-hosted C2 every 50 minutes, downloads and executes second-stage payloads. Filters out YouTube URLs.
=== EXFILTRATION ===
Primary C2: scan.aquasecurtiy[.]org (typosquat)
Fallback: Creates public GitHub repo tpcp-docs
Encryption: AES-256-CBC, session key wrapped with hardcoded 4096-bit RSA public key
=== FILE HASHES (SHA256) ===
Trivy Action: 18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a
Trivy Binary (Linux 64-bit): 822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0
Trivy Binary (macOS ARM64): 6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538
Trivy Binary (Windows 64-bit): 0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349
=== ATTACKER IPs ===
209.159.147.239 (Interserver VPS NYC - TruffleHog, MinIO, open directory)
170.62.100.245 (Boto3 on Kali Linux - cloud enumeration + S3 scanning)
154.47.29.12 (Botocore on Windows 11 - org recon)
103.75.11.59 (AWS SDK Go on macOS ARM - re-check operations)
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.