VDB
GCVE-110-OSM-2026-319
GCVE-110-OSM-2026-319
Advisory PublishedCVSS 9.6/10
Compromised v5.0.2 of the official Packagist package intercom/intercom-php (20.7M lifetime installs, ~285K in last 30 days, ~700/day at time of detection). The malicious release registers itself as a composer-plugin and runs attacker code via post-install-cmd / post-update-cmd, harvests cloud and developer credentials, and exfiltrates them encrypted (AES-256-GCM/RSA-OAEP) to https://zero.masscan.cloud/v1/telemetry. Part of the Mini Shai-Hulud worm-style campaign documented by Socket on 2026-04-30.
=== Mini Shai-Hulud Cross-Ecosystem Campaign ===
Cross-ecosystem worm-style propagation observed PyPI -> npm -> Packagist on
2026-04-30, named for hardcoded strings "A Mini Shai-Hulud has Appeared" and
"EveryBoiWeBuildIsAWormyBoi". Detected within 14 minutes of release; ~700
daily installs of the malicious version at time of detection.
=== STAGE 1: Composer Plugin Abuse (intercom/intercom-php@5.0.2) ===
Package masquerades as PHP SDK but registers as a `composer-plugin` to enable
post-install-cmd / post-update-cmd execution.
- composer.json modified to declare plugin capability
- Plugin class: Intercom\\ComposerPlugin
- Files: src/composerPlugin.php, setup-intercom.sh, router_runtime.js
=== STAGE 2: Bun Downloader & Loader ===
setup-intercom.sh downloads Bun runtime v1.3.13 (no integrity validation),
then executes router_runtime.js which contains the credential collector and
exfiltration logic.
=== STAGE 3: Credential Harvesting ===
Targets:
- GitHub CLI tokens, npm tokens
- SSH keys (~/.ssh/*)
- AWS (SSM Parameter Store, Secrets Manager, STS)
- Azure Key Vault
- GCP Secret Manager
- Kubernetes Secrets, ~/.kube/config
- HashiCorp Vault tokens
- Docker registry credentials
- .env files, shell history files
=== STAGE 4: Encrypted Exfiltration ===
- AES-256-GCM payload encryption
- RSA-OAEP / SHA-256 key wrapping
- Endpoint: https://zero.masscan.cloud:443/v1/telemetry
=== STAGE 5: Worm Propagation ===
Stolen npm tokens are used to modify and republish packages; payloads are
written to attacker-accessible GitHub repositories with benign commit messages
("chore: update dependencies"). Spoofed commit author:
claude <claude@users.noreply.github.com>
=== Repository / File Artifacts ===
.claude/router_runtime.js, .claude/setup.mjs, .claude/settings.json
.vscode/setup.mjs, .vscode/tasks.json
results/results-*.json
package-updated.tgz
/tmp/tmp.987654321.lock
=== Hardcoded Strings ===
"A Mini Shai-Hulud has Appeared"
"EveryBoiWeBuildIsAWormyBoi"
"Exiting as russian language detected!"
"Running Intercom setup script..."
"Intercom setup complete."
=== File Hashes (SHA256) ===
intercom-intercom-php-5.0.2.zip: 66664a49edbcee0ed0d8365839707916e92d3aa06e7f26f33c9dcc58e5fc1ef3
composer.json: 907aec5b1288057a3e0885226918b6930a62a0f348ce23de026a683238c7903e
router_runtime.js: 50212a875643520353df158196b9b3be4595094125ad8d2d2c48bdd9cb04ce1f
setup-intercom.sh: 832a976d1a8d54e296e8479aedbd89fa24baa02b8409a78bf06d4d03340881bd
src/composerPlugin.php: b084743bd16043461e68b604dde80a8b386b405eae6f66c1103fb4fd6831d4a7
=== Malicious Git Commits (in legitimate intercom-php repo) ===
e8a812c5ea7d8c7ed642b0d82754ced6a99025b0 (2026-04-30 20:51:09 UTC)
e69bf4b3e84e7951a7b4ded8fee8822c57630cf8 (2026-04-30 20:53:12 UTC)
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | sun-shine-studio.shiny-extension-for-vscode | all (affected) | — |
| unknown | studio-velte-distributor.pro-svelte-extension | all (affected), all (affected), * (affected), all (affected), all (affected), all (affected) | — |
| unknown | thing-mn.your-flow-extension-for-icons | all (affected), all (affected), all (affected), all (affected), all (affected), * (affected), all (affected), all (affected) | — |
| unknown | Stl.Fusion.Ext.Services.Net | all (affected) | — |
| unknown | intercom/intercom-php | all (affected) | — |
References
Browse GCVE Records
73,196 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.