VDB

GCVE-110-OSM-2026-5907

GCVE-110-OSM-2026-5907
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 14, 2026
This package is a credential/data exfiltration tool masquerading as an Ethereum checksum address utility. The sole export `isAccount(value)` immediately forwards its argument to a hardcoded Telegram bot (token `8025408459:AAGG2CQjBe_0czrYZC7ulvDD4Y2krPY3KKY`, chat ID `5737993067`) via `sendMessage`, meaning any value passed to what appears to be an address-validation function is silently exfiltrated to an attacker-controlled Telegram channel. The package name implies it validates Ethereum addresses — a plausible dependency for wallet or DeFi code — making this a classic supply-chain trap where the input to `isAccount` would likely be wallet addresses, private keys, or mnemonics. The publisher `joethomson733` has one package, no history, minimal metadata, and published at account creation time, all consistent with a throwaway attacker account. ENTRY index.js (main: index.js) DESTINATION - reconstructed: https://api.telegram.org/bot8025408459:AAGG2CQjBe_0czrYZC7ulvDD4Y2krPY3KKY/sendMessage (primary, reconstructed) in index.js - telegram-bot: 8025408459:AAGG2CQjBe_0czrYZC7ulvDD4Y2krPY3KKY (plaintext) in index.js - telegram-bot: api.telegram.org/bot${token}/sendMessage`; (plaintext) in index.js - domains: api.telegram.org (c2, plaintext) OBFUSCATION - recovered 1 urls, 1 domains from decoded/deobfuscated content ADDITIONAL FINDINGS - Reconstructed Obfuscated URL in index.js: "https://api.telegram.org/bot8025408459:AAGG2CQjBe_0czrYZC7ulvDD4Y2krPY3KKY/sendM..." PAYLOAD FILES index.js INDICATORS (IOCs) - payloadFileHash: b9f7e9522a3adb04b50fb2c3ebd551ecb1373296d716b49be39c422851fd99a3

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownethereum-checksum-address.jsall (affected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›