VDB

GCVE-110-OSM-2026-6639

GCVE-110-OSM-2026-6639
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 25, 2026
This package is part of the latest Miasma attack on NPM. This package is a malicious release that hijacks the legitimate leo-sdk package name. Installing it triggers code execution at npm install time via a planted binding.gyp whose sources field abuses gyp's <!(…) shell-exec syntax to silently run node index.js > /dev/null 2>&1. The replaced index.js (5.1 MB, single-line, char-code+Caesar-obfuscated) decrypts an embedded AES-128-GCM blob, downloads the legitimate Bun runtime from the official oven-sh/bun GitHub release, writes the decrypted JavaScript payload to /tmp/p<random>.js, and executes it under Bun rather than Node — almost certainly to evade Node-focused EDR, SCA, and runtime-monitoring hooks. The payload itself is a 762 KB javascript-obfuscator-bundled program whose visible function names (githubFetch, githubHeaders, githubJson) and string-table keywords (GITHUB, NPM, AWS, TOKEN, SECRET, Authorization) indicate credential and token theft, with GitHub API as at least one exfiltration channel. The dropper in index.js wraps a tiny outer loader of the form try{eval(function(s,n){…ROT(s,24)…}([<charcodes>].map(fromCharCode).join(""),24))}catch(e){console.log("wrapper:",e.message||e)}. After ROT-24 decode it becomes an async IIFE that calls crypto.createDecipheriv("aes-128-gcm", …) twice — once for a 907-byte _b (defines globalThis.getBunPath, which mkdtempSyncs under os.tmpdir() into a directory prefixed b-, then curl -sSL + unzip of https://github.com/oven-sh/bun/releases/download/bun-v1.3.13/bun-<os>-<arch>.zip and chmod 755), and once for a 781,580-byte _p payload that is written to /tmp/p<base36>.js and run with bun run "<path>" via child_process.execSync(..., {stdio:"inherit"}), then unlinkSync'd. The decrypted payload is obfuscated with javascript-obfuscator using a rotated, RC4-encoded string array (2,588 entries; the IIFE rotation magic is 0x7b727) and exposes githubFetch/githubHeaders/githubJson plus references to GitHub/NPM/AWS auth strings. Concrete IOCs: - Package: leo-sdk@6.0.19 on npm (legitimate maintainer's latest is the 7.x line, e.g. 7.1.21) - Anomalous dependency added in this version: "bun": "^1.3.13" in dependencies (legit package never depended on Bun) - SHA-256 of dropped files: - index.js = 026588d39b7c650b5c0dfbba6c6fcc0e7ec8e3b72ba8639012e7f71c708f2c3b - binding.gyp = 32d1bc728d8e504952083a6adc488c309a401c7df4dc8f47b382ce32e4aebe21 - package.json = a47ce37442c21ca0b465d2ba873ad228de1ed0d19bf61e0651c2279bbc13820e - Install-time trigger string (in binding.gyp): <!(node index.js > /dev/null 2>&1 && echo stub.c) - AES-128-GCM keys/IVs/tags embedded in index.js (unique enough to YARA on): - _b: key 52ce5f888ae9c8a033a8afa65444ce32, iv e11eb9805f9694073b1a2013, tag 1c5bee61257ffa2fb08b988b5b655588 - _p: key 61ad313303f4080bf9e8e20fb7e9b0a5, iv 999b89e15b8610fa109b6c8d, tag 6f57d026d5339121141efd5704d09605 - Network IOC (benign domain, but characteristic behavior): outbound curl to https://github.com/oven-sh/bun/releases/download/bun-v1.3.13/bun-{linux,darwin,windows}-{x64-baseline,aarch64}.zip issued by a node (npm install) process — anomalous on build/CI hosts that don't otherwise use Bun - Filesystem artefacts: temp directory ${TMPDIR}/b-XXXXXX/ containing bun (or bun.exe); ephemeral payload file ${TMPDIR}/p<base36>.js (created then unlinked) - Process telemetry: node spawning curl, unzip, and then bun run /tmp/p*.js during/after npm install - Wrapper console signature on payload failure: the literal string wrapper: written to stdout (the only thing the outer try/catch leaks) Treat any host that ran npm install leo-sdk@6.0.19 as compromised: rotate GitHub, npm, and AWS credentials accessible to that account, audit ~/.npmrc, ~/.aws/credentials, ~/.config/gh/hosts.yml, and shell history, and block/quarantine bun execution under any path matching ${TMPDIR}/b-*/bun.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownleo-sdk6.0.19 (affected)

References

vendor

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›