Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Malicious Vite npm Packages Exploit Blockchain for Cyberattack

Malicious Vite npm Packages Exploit Blockchain for Cyberattack

Posted on July 17, 2026 By CWS

Cybersecurity experts have uncovered a group of seven harmful npm packages that target the Vite frontend tool ecosystem. This discovery is part of a larger software supply chain threat, according to Checkmarx researchers.

Blockchain Infrastructure Fuels Attack

Dubbed ViteVenom, the campaign expands on the earlier ChainVeil threat, which utilized a complex four-tier blockchain-based command-and-control (C2) system across Tron, Aptos, and Binance Smart Chain. This infrastructure is capable of deploying a remote access trojan (RAT) with functions like reverse shell execution, credential theft, file extraction, and persistent backdoor installation.

Checkmarx analyst Pavan Gudimalla highlighted the difficulty in disabling this C2 infrastructure due to its blockchain foundation. The threat actor, identified as SuccessKey, reportedly began activities linked to this campaign as early as February 27, 2026, when related cryptocurrency wallets were activated.

Targeting Vite Developers

The malicious packages were released on npm between June 29 and July 3, 2026, specifically targeting Vite JavaScript developers. These packages include:

  • @uw010010/vite-tree (1070 Downloads)
  • @vite-tab/tab (289 Downloads)
  • @vite-ln/build-ts (252 Downloads)
  • @vite-mcp/vite-type (239 Downloads)
  • @vite-pro/vite-ui (200 Downloads)
  • @vitets/vite-ts (194 Downloads)
  • @vite-ts/vite-ui (176 Downloads)

Unlike previous threats that used unscoped package names, ViteVenom employs scoped names to mimic the legitimate “@vitejs/*” namespace, enhancing its deceptive appearance.

Complex Malware Delivery

The campaigns share a common use of tier-2 infrastructure to distribute the RAT. The process involves querying the Tron blockchain for the attacker’s wallet transactions, decoding transaction data to obtain a Binance Smart Chain transaction hash, and extracting an encrypted payload, which is then decrypted using a fixed key.

Gudimalla noted that by using public blockchains for payload storage, the attacker avoids reliance on domain names, making takedown efforts challenging. Should the Tron method fail, Aptos serves as a backup, while a fallback mechanism allows direct RAT retrieval via HTTP, bypassing blockchain entirely.

Users who have utilized these packages are urged to remove them promptly, scrutinize dependencies, change credentials, and verify for unauthorized changes in configuration files like .bashrc and .zshrc.

Checkmarx pointed out that the apparent differences in package names, maintainer accounts, and file paths suggest a single operator is managing multiple distribution channels to minimize risk exposure.

The Hacker News Tags:Blockchain, Checkmarx, Cyberattack, Cybersecurity, Malware, npm packages, remote access trojan, software supply chain, SuccessKey, Vite

Post navigation

Previous Post: Ransomware Disrupts Fairlife Production in U.S.
Next Post: EY Faces Data Breach: IT System Compromised

Related Posts

Malicious Go Module Targets Passwords and Installs Backdoor Malicious Go Module Targets Passwords and Installs Backdoor The Hacker News
Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages The Hacker News
Securing the Open Android Ecosystem with Samsung Knox Securing the Open Android Ecosystem with Samsung Knox The Hacker News
Dell RecoverPoint VMs Vulnerability Exploited Since 2024 Dell RecoverPoint VMs Vulnerability Exploited Since 2024 The Hacker News
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub The Hacker News
Security Flaws in OpenClaw AI: New Research Reveals Risks Security Flaws in OpenClaw AI: New Research Reveals Risks The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised
  • Malicious Vite npm Packages Exploit Blockchain for Cyberattack
  • Ransomware Disrupts Fairlife Production in U.S.

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised
  • Malicious Vite npm Packages Exploit Blockchain for Cyberattack
  • Ransomware Disrupts Fairlife Production in U.S.

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark