VDB

GCVE-110-OSM-2026-733

GCVE-110-OSM-2026-733
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published March 27, 2026
Credential stealing malware that exfiltrates sensitive files (.env, config.toml, id.json, and any files with extensions) containing API keys, database credentials, and authentication tokens to remote C2 server. Evolved through 8 versions over 2 weeks with increasing stealth. Uses base64-encoded strings and obfuscated function names to evade detection. Scans current directory for credential files, collects username and local IP via UDP socket trick (connecting to 8.8.8.8:80 without sending packets), then exfiltrates via HTTPS POST to rust-docs-build.vercel.app with 100ms delays between requests. Latest version (0.1.7) targets *.* wildcard pattern matching almost any file.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownsha-rustall (affected)

References

vendor

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›