VDB

GCVE-110-OSM-2026-680

GCVE-110-OSM-2026-680
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 10, 2026
This GitHub repository contains a malicious payload that steals cryptocurrency exchange tokens and crypto wallet files. This repo was used by North Korean APT threat actors, including Lazarus Group to target software engineers working in the crypo and web3 space. The GitHub repository is meant to be used as a test for software engineers as part of a recruitment interview. The fake recruiter tells the victim to fix a problem in the chess application which is supposed to run locally in a browser. When the developer runs the local version of the chess app in their browser, it immediately steals any cypto exchange tokens and cookies. Then it looks locally for crypto wallet files on the local filesystem and steals those as well.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownthief-utilsall (affected)
unknownall (affected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›