SECURITYTHE HACKER NEWS
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Cybersecurity researchers discovered seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The packages, part of a campaign codenamed ViteVenom by Checkmarx, expand the ChainVeil operation, which uses a blockchain-based command-and-control infrastructure spanning Tron.
Related Signal
Adjacent reporting
- IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
- The never-ending supply chain attacks worm into SAP npm packages, other dev tools
- New Shai-Hulud malware wave compromises 600 npm packages
- Another npm supply chain worm is tearing through dev environments
- New IronWorm malware hits 36 packages in npm supply-chain attack
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages