VDB
GCVE-110-OSM-2026-3725
GCVE-110-OSM-2026-3725
Advisory PublishedCVSS 9.6/10
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code.
[osmalyze-auto] Entrypoint: index.js (main: index.js)
Payload: core.js
Key findings:
- Download Execute Delete Pattern in core.js: "writeFileSync(tp, ct);
arr = _dekrypt(ASDFGs[7], RandN);
arr = ar..."
- Shell Command Execution in core.js: "execSync("
- Data Encoding for Exfiltration in core.js: "encodeURIComponent(utf8Str"
- XOR-Encoded String Arrays in crypto-js.js: "var PC1 = [
57, 49, 41, 33, 25, 17, 9, 1,
58, 50, 42, 34, 26,..."
- Data Encoding for Exfiltration in crypto-js.js: "encodeURIComponent(utf8Str"
IOCs:
- domains: www.openssl.org, crypto-js.googlecode.com
- sha256Hashes: 2f77668a9dfbf8d5848b9eeb4a7145ca94c6ed9236e4a773f6dcafa5132b2f91
- payloadFileHash: 24604384b0e748ada07923630b3d037489e696284a98c4409fb9b6763565571f
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | typo-crypto | 4.3.0 (affected) | — |
Aliases
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.