ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Open Source

ViteVenom supply-chain campaign poisons seven Vite npm packages via blockchain C2

Source headline: Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Threat level Critical
Signal strength 85/100
Source confidence 1 source
Published 2 hours ago

Intelligence Summary

Checkmarx reports seven malicious npm packages aimed at the Vite frontend tooling ecosystem. The campaign, codenamed ViteVenom, abuses blockchain-based command-and-control to deliver a RAT. It builds on the earlier ChainVeil campaign that used multi-tier infrastructure. Developers installing affected dependencies could unknowingly introduce malware into build or runtime environments. The risk is especially high for teams that trust package metadata without verifying integrity. Mitigation includes auditing dependencies and using strict package signing and allowlists.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#supply-chain #npm #rat #blockchain-c2 #vite
Original reporting The Hacker News Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Open original source