VDB

GCVE-110-OSM-2026-1551

GCVE-110-OSM-2026-1551
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 8, 2026
APT malware detected: chai-max. Associated with threat actor(s): DPRK/Lazarus. Behaviors: data exfiltration, code execution, install-time execution. Payload: cacert.pem Key findings: - Sensitive File Access in scripts/check-env.js: "".aws/credentials"" - Cryptocurrency Wallet Theft in scripts/check-env.js: "wallet.dat" - Chai-Max Browser Data Theft in scripts/check-env.js: "chrome', 'Default', 'Login Data" - Decoded Base64 Content in cacert.pem - Decoded Base64 Content in cacert.pem IOCs: - urls: https://gitter.im/strongloop-community/loopback-connector-elastic-search, http://strongloop.com/node-js/loopback/, https://hub.docker.com/r/library/node/tags/, https://hub.docker.com/r/library/elasticsearch/tags/, http://blog.andrewray.me/how-to-debug-mocha-tests-with-chrome/ (+8 more) - domains: gitter.im, badges.gitter.im, strongloop.com, hub.docker.com, my.es.cluster.com (+18 more) - emails: password@my.es.cluster.com - payloadFileHash: a28249119e6d0ef2d4171538cf88e40049991d3ed8a8a2c1ebb89d1cf3ff5e62 Decoded/deobfuscated IOCs: - domains: doca.com, modoca.com, shoppinpal.com, crl.comodoca.co, crt.comodoca.com (+1 more) - urls: http://ocsp.comodoca.com0+, http://crl.comodoca.co, http://crt.comodoca.com/COMOD, http://ocsp.como, http://crl.usertrust.com/AddTrustExter

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@fairwords/loopback-connector-esall (affected)

References

advisory
vendor

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›