VDB
GCVE-110-OSM-2026-7833
GCVE-110-OSM-2026-7833
Advisory PublishedCVSS 9.6/10
APT malware detected: chai-max. Associated with threat actor(s): DPRK/Lazarus. Behaviors: data exfiltration, code execution, network activity, obfuscated code.
ENTRY
pypi/newroz-agent@0.18.0/newroz_cli/main.py (console-script: newroz=newroz_cli.main:main)
PERSISTENCE
- Startup Persistence in pypi/newroz-agent@0.18.0/PKG-INFO: ".bashrc"
- Startup Persistence in pypi/newroz-agent@0.18.0/agent/agent_init.py: ".profile"
- Startup Persistence in pypi/newroz-agent@0.18.0/agent/auxiliary_client.py: ".zshrc"
- Startup Persistence in pypi/newroz-agent@0.18.0/agent/coding_context.py: ".profile"
- Startup Persistence in pypi/newroz-agent@0.18.0/agent/context_references.py: ".bashrc"
- Startup Persistence in pypi/newroz-agent@0.18.0/agent/onboarding.py: ".profile"
- Cron Job Persistence in pypi/newroz-agent@0.18.0/agent/secret_sources/bitwarden.py: "/etc/cron"
- Startup Persistence in pypi/newroz-agent@0.18.0/cli.py: ".profile"
(+55 more)
DESTINATION
- tunnel: https://YOUR-TUNNEL.trycloudflare.com/whatsapp/webhook?\\ (primary, plaintext) in pypi/newroz-agent@0.18.0/newroz_cli/setup_whatsapp_cloud.py
- tunnel: https://YOUR-TUNNEL.trycloudflare.com/health (plaintext) in pypi/newroz-agent@0.18.0/newroz_cli/setup_whatsapp_cloud.py
- custom-c2: https://platform.claude.com/docs/en/build-with-claude/fast-mode (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py
- custom-c2: https://api.kimi.com/coding (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py
- custom-c2: https://api.minimax.io/anthropic (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py
- custom-c2: https://api.minimaxi.com/anthropic (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py
- custom-c2: https://platform.claude.com/v1/oauth/token (plaintext) in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py
- custom-c2: http://100.77.243.5:11434` (plaintext) in pypi/newroz-agent@0.18.0/agent/model_metadata.py
(+93 more)
EXFIL
- Sensitive File Access in pypi/newroz-agent@0.18.0/agent/file_safety.py: ""/etc/passwd""
- Corporate Environment Targeting in pypi/newroz-agent@0.18.0/agent/lsp/client.py: "tModified`` (-32801) errors get retried with exponential backoff up to 3 times. ..."
- Corporate Environment Targeting in pypi/newroz-agent@0.18.0/agent/pet/generate/atlas.py: "magenta/green. Erode the alpha by one pixel (a 3x3 min filter"
- OAST/Interactsh Exfiltration in pypi/newroz-agent@0.18.0/newroz_cli/setup_whatsapp_cloud.py: ".trycloudflare.com"
- Environment Variable Exfiltration in pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js: "process.env.NEWROZ_TUI_STARTUP_TIMEOUT_MS ?? "15000", 10) || 15e3); var REQUEST"
- Corporate Environment Targeting in pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js: "tMode); return containerInfo; } function test"
- Corporate Environment Targeting in pypi/newroz-agent@0.18.0/newroz_cli/web_dist/assets/index-eua9RAkC.js: "tModeForData=function(t){return n.testNumeric(t)?e.NUMERIC:n.testAlphanumeric(t)..."
- Environment Variable Exfiltration in pypi/newroz-agent@0.18.0/newroz_cli/web_server.py: "os.environ.get("ELEVENLABS_API_KEY") or "").strip() if not api_key: return {"ava..."
(+253 more)
OBFUSCATION
- Base64 Encoded Payload in pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js: ""AGFzbQEAAAABJwdgAX8Bf2ADf39/AX9gAX8AYAJ/fwBgBH9/f38Bf2AAAGADf39/AALLAQgDZW52GHd..."
- Unicode Escape Obfuscation in pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js: "\u0009\u000A\u000C\u000D\u0020"
- Decoded Base64 Content in pypi/newroz-agent@0.18.0/optional-skills/productivity/shop/references/catalog-mcp.md (x2)
ADDITIONAL FINDINGS
- Download Execute Delete Pattern in pypi/newroz-agent@0.18.0/newroz_cli/kanban.py: "SPAWN_FAILURE_LIMIT), on_tick=_on_tick, ) finally: if pidfile: try: Path(pidfile..."
- Chai-Max Wallet Theft Indicators in pypi/newroz-agent@0.18.0/optional-skills/blockchain/solana/scripts/solana_client.py: "solana_client.py wallet"
- Remote Code Execution in pypi/newroz-agent@0.18.0/optional-skills/security/godmode/scripts/auto_jailbreak.py: "exec(open(os.path.expanduser( os.path.join(os.environ.get("
- Base64 Decoded Eval in pypi/newroz-agent@0.18.0/tools/mcp_tool.py: "compile(r"base64"
- Shell Command Execution in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py: "subprocess.run("
- Silent Process Execution in pypi/newroz-agent@0.18.0/agent/anthropic_adapter.py: "stdin=subprocess.DEVNULL"
(+7 more)
PAYLOAD FILES
pypi/newroz-agent@0.18.0/newroz_cli/tui_dist/entry.js (+ pypi/newroz-agent@0.18.0/newroz_cli/web_server.py, pypi/newroz-agent@0.18.0/tools/browser_tool.py)
INDICATORS (IOCs)
- ipv4: 118.182.244.156, 61.178.123.196, 203.0.113.0, 192.0.2.1, 100.100.100.200 (+2 more)
- ipv6: 1::, c::, 50::, c10d::, 2401:db00:eef0:1100:3560:0:1c05:25d (+3 more)
- urls: https://newroz-agent.github.io/, https://newroz-agent.github.io/docs/, https://newroz-agent.github.io/docs/integrations/providers, https://newroz-agent.github.io/docs/getting-started/termux, https://newroz-agent.github.io/docs/user-guide/features/tool-gateway (+29 more)
- domains: newroz-agent.github.io, Docs-newroz--agent.github.io, README.es, integrate.api.nvidia.com, api.routermint.com (+18 more)
- emails: OpenRouter@openrouter.ai, pointing@state.db, group-id@g.us, application@q.qq.com, login@accounts.x.ai (+45 more)
- sha256Hashes: 89504e470d0a1a0a0000000d49484452000000010000000108060000001f15c4, 890000000d49444154789c63000100000005000100377a7ff20000000049454e, ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
- payloadFileHash: e6b0fa11463bae8108e02fdbe38a157c289c6931661c86ddbfc5987d2b73c3ed
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | newroz-agent | all (affected) | — |
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.