- Researchers at Checkmarx uncovered the ViteVenom campaign, a software supply chain attack using seven malicious npm packages targeting the Vite frontend tooling ecosystem.
- The attack, attributed to the threat actor SuccessKey, repurposes the ChainVeil malware’s blockchain-based command-and-control infrastructure across Tron, Aptos, and Binance Smart Chain.
- The malicious packages were published to npm between June 29 and July 3, 2026, with over 2,400 total downloads, and execute a remote access trojan upon code import.
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack orchestrated by a threat actor named SuccessKey. The campaign, codenamed ViteVenom by Checkmarx, expands upon the previously observed ChainVeil malware, which utilized a blockchain-based command-and-control (C2) infrastructure spanning Tron, Aptos, and Binance Smart Chain.
This iteration specifically focuses on developers building applications with the Vite build tool. The malicious packages, published between June 29 and July 3, 2026, include @uw010010/vite-tree and @vite-tab/tab, among others, according to a Checkmarx analysis.
Activity linked to SuccessKey has been detected as far back as February 27, 2026, when associated cryptocurrency wallets were activated. Unlike the ChainVeil campaign’s unscoped typosquats, ViteVenom uses scoped package names to impersonate the legitimate “@vitejs/*” namespace.
The malicious code acts as a loader by querying the Tron blockchain for the latest transaction from the attacker’s wallet to obtain a Binance Smart Chain transaction hash. The attacker subsequently retrieves and decrypts the final payload using a hard-coded key, delivering a remote access trojan capable of reverse shell, credential harvesting, and file exfiltration.
Checkmarx researcher Pavan Gudimalla explained that “this tactic makes disabling or destroying the C2 infrastructure extremely difficult.” Users who have installed any of the identified packages are advised to remove them immediately, audit dependencies, and rotate all credentials.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- SpaceX Stock Future: Starlink Profit vs $5B Loss & $2.1T Valuation
- China’s Moonshot AI Launches Kimi K3, Triggering Global Tech Selloff
- Nebius Secures $775M Loan Backed by Deployed GPU Hardware
- Bitcoin dips below $62.5K as US-Iran war, stocks slide at Wall Street open
- SanDisk stock crashes 12.6%, analysts predict worst-case drop to $1,000
