Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Checkmarx uncovered ViteVenom, a cluster of seven malicious npm packages targeting developers using the Vite frontend tooling ecosystem in a software supply chain attack. The campaign is linked to SuccessKey and ChainVeil, using a four-tier blockchain-based C2 setup across Tron, Aptos, and Binance Smart Chain to deliver a RAT for reverse shells, credential theft, file exfiltration, and persistence. #ViteVenom #ChainVeil #SuccessKey #Vite #Tron #Aptos #BinanceSmartChain

Keypoints

  • Seven malicious npm packages targeted the Vite developer ecosystem.
  • The campaign is part of the ViteVenom operation discovered by Checkmarx.
  • Attackers used a four-tier blockchain C2 infrastructure across Tron, Aptos, and BSC.
  • The malware activates at import time and can steal credentials and exfiltrate files.
  • Victims should remove the packages, rotate credentials, and inspect shell startup files.

Read More: https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html