VDB
GCVE-110-OSM-2026-3450
GCVE-110-OSM-2026-3450
Advisory PublishedCVSS 9.6/10
Steals cryptocurrency wallet funds by intercepting all write operations on seven wallet providers (MetaMask, Phantom, OKX, Coinbase Extension, Binance Chain, Gate.io, and Vgate) and exfiltrating wallet addresses, transaction hashes, and EIP-712 permit signatures to attacker-controlled WebRTC C2 at `static-cdn.gstatichub.com`. Packaged as a Swiper CSS normalization utility with no legitimate CSS code, the drainer establishes a WebRTC channel via base91+RC4-encoded SDP exchange and ECDH key delivery through a spoofed `@font-face` CSS rule, then executes attacker-pushed `set_ambush` interception rules enabling gasless EIP-2612 permit drains with permanent token approval (deadline=maxUint256). Predecessor to the confirmed-critical css-compat-layer campaign; shares identical C2 infrastructure, obfuscated payload architecture, and publisher account (johnroberson1951@zzzzflaine.com).
**Trigger** (require-time): Initializes at bundle load via IIFE — no install hook in package.json. Sole export `HydrationContext` is the drainer, named to blend with React/Next.js hydration patterns. Wallet hooks registered before any user interaction.
**C2 Key Delivery via CSS Covert Channel**: `_loadCSS()` fetches a CSS resource from `https://static-cdn.gstatichub.com/css/{nonce}.css` with element id `__gf_css__`; `_extractPKFromFontFace()` reads the server ECDH P-256 public key from the base64-encoded `src` value of the `@font-face` rule inside the loaded stylesheet.
**WebRTC SDP Exchange**: `_minifySDP()` encodes the SDP offer using base91 (`_b91e`) + RC4 (`_rc4`), then exchanges it via HTTPS GET to `/css/{8hex}-{8hex}.css?d={encoded_sdp}`. Step 2 of the handshake repeats with `&p=2` appended. RTCPeerConnection uses STUN `stun:stun.l.google.com:19302`; RTCDataChannel (name: `"data"`) with 15-second heartbeat.
**C2 Commands**: Attacker sends `set_ambush` (array of rule objects with `id`, `action`, `once` fields), `clear_ambush` (clears pending rules), `switch_chain` (attacker-directed network switch; acks `chain_switched`) via the RTCDataChannel.
**Wallet Interception**: `_hookProvider()` monkey-patches `.request()` on `window.ethereum`, `vgateWallet`, `BinanceChain`, `gatewallet`, `okxwallet`, `coinbaseWalletExtension`, `phantom`; EIP-6963 `eip6963:announceProvider` discovery extends hooks to additional providers. Intercepted: `eth_sendTransaction`, `eth_signTransaction`, `personal_sign`, `eth_sign`, `eth_signTypedData_v4`, `eth_signTypedData_v3`, `eth_signTypedData`.
**EIP-2612 Permit Drain**: Intercepts `eth_signTypedData_v4` to capture or modify EIP-2612 permit signatures; ERC-20 `APPROVE_SELECTOR = 0x095ea7b3` and `INCREASE_ALLOWANCE_SELECTOR = 0x39509351` confirmed as literals; `deadline = maxUint256` (permanent — approval never expires).
**Exfiltration**: `_reportWriteResult()` / `_sendEvent()` transmits `{event: 'user_eth_sendTransaction_sent', txHash, address, chainId, to}` and `{event: 'user_eth_signTypedData_v4_signed', signature, address, chainId}` to attacker via RTCDataChannel.
**Obfuscation**: Both `dist/index.js` (CJS) and `dist/index.mjs` (ESM) are RC4+rotation-obfuscated builds; `javascript-obfuscator ^5.4.1` in `devDependencies` across all 16 published versions.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | swiper-css-normalize | — | — |
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.