VDB

GCVE-110-OSM-2026-6650

GCVE-110-OSM-2026-6650
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 25, 2026
Malicious package detected. Behaviors: code execution, obfuscated code. ENTRY src/index.js (main: src/index.js) DESTINATION - custom-c2: https://api.trongrid.io/v1/accounts/ (primary, deobfuscated) in src/index.js - custom-c2: https://fullnode.mainnet.aptoslabs.com/v1/accounts/ (deobfuscated) in src/index.js - custom-c2: api.trongrid.io (deobfuscated) in src/index.js - custom-c2: fullnode.mainnet.aptoslabs.com (deobfuscated) in src/index.js - custom-c2: bsc-dataseed.binance.org (deobfuscated) in src/index.js - custom-c2: bsc-rpc.publicnode.com (deobfuscated) in src/index.js OBFUSCATION - IOCs Found in Deobfuscated Code in src/index.js - Whitespace-Padded Hidden Payload in src/index.js: "; var" - Obfuscation: function to array replacements in src/index.js - Obfuscation patterns: underscoreDollarVars, splitJoinChain in src/index.js - recovered 2 urls, 4 domains, 4 _domainCandidates from decoded/deobfuscated content ADDITIONAL FINDINGS - Dynamic Code Execution in src/index.js: "eval(e)" - Silent Process Execution in src/index.js: "windowsHide:true" - Platform Detection with Data Collection in src/index.js: "JSON.stringify({jsonrpc:_$_d407[13],method:a,params:c,id:1});var e={hos" - Publisher Has Other Malicious Packages PAYLOAD FILES src/index.js INDICATORS (IOCs) - urls: https://tailwindcss-animationfound.com/configurator.html, https://alpinejs.dev/plugins/intersect, https://v3.tailwindcss.com/, https://tailwindcss.com/ - domains: tailwindcss.com, alpinejs.dev, v3.tailwindcss.com - payloadFileHash: 635a944c5a53cda8ebd97d3e66e961febc8a8bf201c69dc9c3436673e238376a

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowntailwindcss-effectorall (affected)

References

advisory
vendor

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›