VDB
GCVE-110-OSM-2026-5762
GCVE-110-OSM-2026-5762
Advisory PublishedCVSS 5.4/10
This package is an account-fraud automation tool that mass-registers fake Canva and Leonardo AI accounts using Playwright, collecting generated credentials (email, accessToken, cognitoSession) and sending them to the operator-controlled backend at api-leo.sekitar.online. While this is the tool's stated purpose and users are complicit participants, the exfiltration of generated access tokens and Cognito sessions to a third-party C2-like backend (api-leo.sekitar.online, backed by Supabase at xjknkbvjgrfdfdacippf.supabase.co) combined with the auto-update `execSync("npm install -g leobot-cli@latest")` pattern creates a persistent, remotely-updatable payload delivery channel that could pivot to targeting the users themselves. The accidental inclusion of `.claude/settings.local.json` with the Supabase backend URL confirms the developer's infrastructure. The primary harm is to Canva and Leonardo's platforms, but users' own auth tokens (opts.token) are transmitted to attacker-controlled infrastructure on every API call, and the auto-update mechanism bypasses any future audits. This is not a conventional infostealer, but it is clearly harmful tooling with exfiltration-to-attacker-backend behavior.
Entrypoint: bin/cli.js (bin: ./bin/cli.js)
Exfil: https://www.canva.com/ (custom-c2, recovery: plaintext in src/commands/generate.js)
Loader: https://xjknkbvjgrfdfdacippf.supabase.co/rest/v1/rpc/ in .claude/settings.local.json
Payload: src/commands/generate.js
Secondary files: src/doctor.js, src/commands/generate.js.bak
Key findings:
- Shell Command Execution in bin/cli.js: "execSync("
- Hidden NPM Install in bin/cli.js: "execSync("npm install -g leobot-cli@latest""
- Data Encoding for Exfiltration in src/commands/generate.js: "encodeURIComponent(email"
- Platform Detection with Data Collection in src/commands/generate.js: "JSON.stringify({
email,
accessToken: pageAccessT..."
- Data Encoding for Exfiltration in src/commands/generate.js.bak: "encodeURIComponent(email)}`, { headers: { authorization: `Bearer ${opts.token"
IOCs:
- urls: https://api-leo.sekitar.online/, https://xjknkbvjgrfdfdacippf.supabase.co/rest/v1/rpc/, https://api-kamu.com, https://api.com, https://www.canva.com/ (+2 more)
- domains: api-leo.sekitar.online, xjknkbvjgrfdfdacippf.supabase.co, Canva.com, tinggalcolok.online, mhridwan.tech (+3 more)
- payloadFileHash: 75d8da42d55f20621d8d2d4b73c50ceb50e33690e7a35668fb0a9142ad0f5244
Hidden install (secondary package pulled at runtime):
- -g [OSM: clean] in bin/cli.js
- -g [OSM: clean] in src/commands/update.js
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | leobot-cli | 1.1.6 (affected) | — |
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.