VDB

GCVE-110-OSM-2026-3429

GCVE-110-OSM-2026-3429
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 29, 2026
APT malware detected: chai-max. Associated with threat actor(s): DPRK/Lazarus. Behaviors: data exfiltration, code execution, network activity. Payload: optional-skills/blockchain/solana/scripts/solana_client.py Secondary files: agent/anthropic_adapter.py, plugins/memory/supermemory/__init__.py Key findings: - Chai-Max Wallet Theft Indicators in optional-skills/blockchain/solana/scripts/solana_client.py: "solana_client.py wallet" - Environment Variable Exfiltration in optional-skills/health/fitness-nutrition/scripts/nutrition_search.py: "os.environ.get("USDA_API_KEY", "DEMO_KEY") BASE = "https://api.nal.usda.gov/fdc/..." - Environment Variable Exfiltration in tools/browser_providers/firecrawl.py: "os.environ.get("FIRECRAWL_BROWSER_TTL", "300")) body: Dict[str, object]..." - Sensitive File Access in tools/file_operations.py: ""/etc/passwd"" - Startup Persistence in PKG-INFO: ".bashrc" IOCs: - ipv4: 149.154.160.0, 149.154.167.220, 192.0.2.1, 93.184.216.34, 100.64.0.0 - ipv6: a::, c10d::, 2401:db00:eef0:1100:3560:0:1c05:25d - urls: https://fam-agent.nousresearch.com/docs/, https://nousresearch.com, https://portal.nousresearch.com, https://openrouter.ai, https://platform.xiaomimimo.com (+45 more) - domains: nousresearch.com, portal.nousresearch.com, platform.xiaomimimo.com, www.minimax.io, huggingface.co (+40 more) - emails: application@q.qq.com, tier@openrouter.ai, fam-agent@agentmail.to, support@lambdalabs.com, opened@excalidraw.com (+9 more) - ethereumAddresses: 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045, 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913, 0x4200000000000000000000000000000000000006, 0x833589fcd6edb6e08f4c7c32d4f71b54bda02913, 0x2ae3f1ec7f1f5012cfeab0185bfc7aa3cf0dec22 (+8 more) - tunnelServices: https://random-words.trycloudflare.com - payloadFileHash: d99fd061b021848e0eb92fdadc4654b33c24591eb0489d13d1cc55733bf0e1ff

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownfamteamall (affected)

References

vendor

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›