VDB
GCVE-110-OSM-2026-680
GCVE-110-OSM-2026-680
Advisory PublishedCVSS 9.6/10
This GitHub repository contains a malicious payload that steals cryptocurrency exchange tokens and crypto wallet files. This repo was used by North Korean APT threat actors, including Lazarus Group to target software engineers working in the crypo and web3 space.
The GitHub repository is meant to be used as a test for software engineers as part of a recruitment interview. The fake recruiter tells the victim to fix a problem in the chess application which is supposed to run locally in a browser. When the developer runs the local version of the chess app in their browser, it immediately steals any cypto exchange tokens and cookies. Then it looks locally for crypto wallet files on the local filesystem and steals those as well.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | thief-utils | all (affected) | — |
| unknown | all (affected) | — |
Aliases
References
Malicious pypi package: thief-utils
advisory
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.