VDB

GCVE-110-OSM-2026-670

GCVE-110-OSM-2026-670
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published June 10, 2026
This repository is part of the North Korean DPRK "contagious interview" malware campaign that seeks to steal crypto assets and credentials. There are several stages to the malware: When the git repo is cloned and the victim opens the source code in Microsoft Visual Studio, a vscode task downloads and installs the Beavertail JavaScript cryptostealer. This cryptostealer looks for any crypto assets, wallet files, env files and extiltrates them to an IP address 146.70[.]41[.]188. Next, bash scripts install a binary that enables persistence and C2.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownpymnemonicall (affected)
unknownall (affected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›