VDB

GCVE-110-OSM-2026-7833

GCVE-110-OSM-2026-7833
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published July 12, 2026
APT malware detected: chai-max. Associated with threat actor(s): DPRK/Lazarus. Behaviors: data exfiltration, code execution, network activity, obfuscated code. ENTRY pypi/newroz-agent@0.18.0/newroz_cli/main.py (console-script: newroz=newroz_cli.main:main) PERSISTENCE - Startup Persistence in pypi/newroz-agent@0.18.0/PKG-INFO: ".bashrc" - Startup Persistence in pypi/newroz-agent@0.18.0/agent/agent_init.py: ".profile" - Startup Persistence in pypi/newroz-agent@0.18.0/agent/auxiliary_client.py: ".zshrc" - Startup Persistence in pypi/newroz-agent@0.18.0/agent/coding_context.py: ".profile" - Startup Persistence in pypi/newroz-agent@0.18.0/agent/context_references.py: ".bashrc" - Startup Persistence in pypi/newroz-agent@0.18.0/agent/onboarding.py: ".profile" - Cron Job Persistence in pypi/newroz-agent@0.18.0/agent/secret_sources/bitwarden.py: "/etc/cron" - Startup Persistence in pypi/newroz-agent@0.18.0/cli.py: ".profile" (+55 more) DESTINATION - tunnel: https://YOUR-TUNNEL.trycloudflare.com/whatsapp/webhook?\\ (primary, plaintext) in pypi/newroz-agent@0.18.0/newroz_cli/setup_whatsapp_cloud.py - tunnel: https://YOUR-TUNNEL.trycloudflare.com/health (plaintext) in pypi/newroz-agent@0.18.0/newroz_cli/setup_whatsapp_cloud.py - custom-c2: https://platform.claude.com/docs/en/build-with-claude/fast-mode (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py - custom-c2: https://api.kimi.com/coding (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py - custom-c2: https://api.minimax.io/anthropic (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py - custom-c2: https://api.minimaxi.com/anthropic (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py - custom-c2: https://platform.claude.com/v1/oauth/token (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py - custom-c2: http://100.77.243.5:11434` (plaintext) in pypi/newroz-agent@0.18.0/agent/model_metadata.py (+93 more) EXFIL - Sensitive File Access in pypi/newroz-agent@0.18.0/agent/file_safety.py: ""/etc/passwd"" - Corporate Environment Targeting in pypi/newroz-agent@0.18.0/agent/lsp/client.py: "tModified`` (-32801) errors get retried with exponential backoff up to 3 times. ..." - Corporate Environment Targeting in pypi/newroz-agent@0.18.0/agent/pet/generate/atlas.py: "magenta/green. Erode the alpha by one pixel (a 3x3 min filter" - OAST/Interactsh Exfiltration in pypi/newroz-agent@0.18.0/newroz_cli/setup_whatsapp_cloud.py: ".trycloudflare.com" - Environment Variable Exfiltration in pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js: "process.env.NEWROZ_TUI_STARTUP_TIMEOUT_MS ?? "15000", 10) || 15e3); var REQUEST" - Corporate Environment Targeting in pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js: "tMode); return containerInfo; } function test" - Corporate Environment Targeting in pypi/newroz-agent@0.18.0/newroz_cli/web_dist/assets/index-eua9RAkC.js: "tModeForData=function(t){return n.testNumeric(t)?e.NUMERIC:n.testAlphanumeric(t)..." - Environment Variable Exfiltration in pypi/newroz-agent@0.18.0/newroz_cli/web_server.py: "os.environ.get("ELEVENLABS_API_KEY") or "").strip() if not api_key: return {"ava..." (+253 more) OBFUSCATION - Base64 Encoded Payload in pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js: ""AGFzbQEAAAABJwdgAX8Bf2ADf39/AX9gAX8AYAJ/fwBgBH9/f38Bf2AAAGADf39/AALLAQgDZW52GHd..." - Unicode Escape Obfuscation in pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js: "\u0009\u000A\u000C\u000D\u0020" - Decoded Base64 Content in pypi/newroz-agent@0.18.0/optional-skills/productivity/shop/references/catalog-mcp.md (x2) ADDITIONAL FINDINGS - Download Execute Delete Pattern in pypi/newroz-agent@0.18.0/newroz_cli/kanban.py: "SPAWN_FAILURE_LIMIT), on_tick=_on_tick, ) finally: if pidfile: try: Path(pidfile..." - Chai-Max Wallet Theft Indicators in pypi/newroz-agent@0.18.0/optional-skills/blockchain/solana/scripts/solana_client.py: "solana_client.py wallet" - Remote Code Execution in pypi/newroz-agent@0.18.0/optional-skills/security/godmode/scripts/auto_jailbreak.py: "exec(open(os.path.expanduser( os.path.join(os.environ.get(" - Base64 Decoded Eval in pypi/newroz-agent@0.18.0/tools/mcp_tool.py: "compile(r"base64" - Shell Command Execution in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py: "subprocess.run(" - Silent Process Execution in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py: "stdin=subprocess.DEVNULL" (+7 more) PAYLOAD FILES pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js (+ pypi/newroz-agent@0.18.0/newroz_cli/web_server.py, pypi/newroz-agent@0.18.0/tools/browser_tool.py) INDICATORS (IOCs) - ipv4: 118.182.244.156, 61.178.123.196, 203.0.113.0, 192.0.2.1, 100.100.100.200 (+2 more) - ipv6: 1::, c::, 50::, c10d::, 2401:db00:eef0:1100:3560:0:1c05:25d (+3 more) - urls: https://newroz-agent.github.io/, https://newroz-agent.github.io/docs/, https://newroz-agent.github.io/docs/integrations/providers, https://newroz-agent.github.io/docs/getting-started/termux, https://newroz-agent.github.io/docs/user-guide/features/tool-gateway (+29 more) - domains: newroz-agent.github.io, Docs-newroz--agent.github.io, README.es, integrate.api.nvidia.com, api.routermint.com (+18 more) - emails: OpenRouter@openrouter.ai, pointing@state.db, group-id@g.us, application@q.qq.com, login@accounts.x.ai (+45 more) - sha256Hashes: 89504e470d0a1a0a0000000d49484452000000010000000108060000001f15c4, 890000000d49444154789c63000100000005000100377a7ff20000000049454e, ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff - payloadFileHash: e6b0fa11463bae8108e02fdbe38a157c289c6931661c86ddbfc5987d2b73c3ed

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownnewroz-agentall (affected)

References

vendor

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›