Checkmarx uncovered ViteVenom, a cluster of seven malicious npm packages targeting developers using the Vite frontend tooling ecosystem in a software supply chain attack. The campaign is linked to SuccessKey and ChainVeil, using a four-tier blockchain-based C2 setup across Tron, Aptos, and Binance Smart Chain to deliver a RAT for reverse shells, credential theft, file exfiltration, and persistence. #ViteVenom #ChainVeil #SuccessKey #Vite #Tron #Aptos #BinanceSmartChain
Keypoints
- Seven malicious npm packages targeted the Vite developer ecosystem.
- The campaign is part of the ViteVenom operation discovered by Checkmarx.
- Attackers used a four-tier blockchain C2 infrastructure across Tron, Aptos, and BSC.
- The malware activates at import time and can steal credentials and exfiltrate files.
- Victims should remove the packages, rotate credentials, and inspect shell startup files.
Read More: https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html