VDB

GCVE-110-OSM-2026-319

GCVE-110-OSM-2026-319
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 30, 2026
Compromised v5.0.2 of the official Packagist package intercom/intercom-php (20.7M lifetime installs, ~285K in last 30 days, ~700/day at time of detection). The malicious release registers itself as a composer-plugin and runs attacker code via post-install-cmd / post-update-cmd, harvests cloud and developer credentials, and exfiltrates them encrypted (AES-256-GCM/RSA-OAEP) to https://zero.masscan.cloud/v1/telemetry. Part of the Mini Shai-Hulud worm-style campaign documented by Socket on 2026-04-30. === Mini Shai-Hulud Cross-Ecosystem Campaign === Cross-ecosystem worm-style propagation observed PyPI -> npm -> Packagist on 2026-04-30, named for hardcoded strings "A Mini Shai-Hulud has Appeared" and "EveryBoiWeBuildIsAWormyBoi". Detected within 14 minutes of release; ~700 daily installs of the malicious version at time of detection. === STAGE 1: Composer Plugin Abuse (intercom/intercom-php@5.0.2) === Package masquerades as PHP SDK but registers as a `composer-plugin` to enable post-install-cmd / post-update-cmd execution. - composer.json modified to declare plugin capability - Plugin class: Intercom\\ComposerPlugin - Files: src/composerPlugin.php, setup-intercom.sh, router_runtime.js === STAGE 2: Bun Downloader & Loader === setup-intercom.sh downloads Bun runtime v1.3.13 (no integrity validation), then executes router_runtime.js which contains the credential collector and exfiltration logic. === STAGE 3: Credential Harvesting === Targets: - GitHub CLI tokens, npm tokens - SSH keys (~/.ssh/*) - AWS (SSM Parameter Store, Secrets Manager, STS) - Azure Key Vault - GCP Secret Manager - Kubernetes Secrets, ~/.kube/config - HashiCorp Vault tokens - Docker registry credentials - .env files, shell history files === STAGE 4: Encrypted Exfiltration === - AES-256-GCM payload encryption - RSA-OAEP / SHA-256 key wrapping - Endpoint: https://zero.masscan.cloud:443/v1/telemetry === STAGE 5: Worm Propagation === Stolen npm tokens are used to modify and republish packages; payloads are written to attacker-accessible GitHub repositories with benign commit messages ("chore: update dependencies"). Spoofed commit author: claude <claude@users.noreply.github.com> === Repository / File Artifacts === .claude/router_runtime.js, .claude/setup.mjs, .claude/settings.json .vscode/setup.mjs, .vscode/tasks.json results/results-*.json package-updated.tgz /tmp/tmp.987654321.lock === Hardcoded Strings === "A Mini Shai-Hulud has Appeared" "EveryBoiWeBuildIsAWormyBoi" "Exiting as russian language detected!" "Running Intercom setup script..." "Intercom setup complete." === File Hashes (SHA256) === intercom-intercom-php-5.0.2.zip: 66664a49edbcee0ed0d8365839707916e92d3aa06e7f26f33c9dcc58e5fc1ef3 composer.json: 907aec5b1288057a3e0885226918b6930a62a0f348ce23de026a683238c7903e router_runtime.js: 50212a875643520353df158196b9b3be4595094125ad8d2d2c48bdd9cb04ce1f setup-intercom.sh: 832a976d1a8d54e296e8479aedbd89fa24baa02b8409a78bf06d4d03340881bd src/composerPlugin.php: b084743bd16043461e68b604dde80a8b386b405eae6f66c1103fb4fd6831d4a7 === Malicious Git Commits (in legitimate intercom-php repo) === e8a812c5ea7d8c7ed642b0d82754ced6a99025b0 (2026-04-30 20:51:09 UTC) e69bf4b3e84e7951a7b4ded8fee8822c57630cf8 (2026-04-30 20:53:12 UTC)

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownsun-shine-studio.shiny-extension-for-vscodeall (affected)
unknownstudio-velte-distributor.pro-svelte-extensionall (affected), all (affected), * (affected), all (affected), all (affected), all (affected)
unknownthing-mn.your-flow-extension-for-iconsall (affected), all (affected), all (affected), all (affected), all (affected), * (affected), all (affected), all (affected)
unknownStl.Fusion.Ext.Services.Netall (affected)
unknownintercom/intercom-phpall (affected)

Browse GCVE Records

73,196 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›