Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT — Ravie LakshmananJul 17, 2026Software Supply Chain / Malware [https://blogger.googleus
What’s new: Researchers have identified seven malicious npm packages targeting the Vite frontend tooling ecosystem, part of a software supply chain attack named ViteVenom. This campaign utilizes a four-tier blockchain-based command-and-control (C2) infrastructure to deliver a remote access trojan (RAT) capable of reverse shell access, credential harvesting, file exfiltration, and persistent backdoor injection. The malicious packages were published between June 29 and July 3, 2026, and are linked to the threat actor SuccessKey.
Who’s affected
Developers using the Vite JavaScript and frontend build tool who have installed the identified malicious packages:
- @uw010010/vite-tree (1070 Downloads)
- @vite-tab/tab (289 Downloads)
- @vite-ln/build-ts (252 Downloads)
- @vite-mcp/vite-type (239 Downloads)
- @vite-pro/vite-ui (200 Downloads)
- @vitets/vite-ts (194 Downloads)
- @vite-ts/vite-ui (176 Downloads)
What to do
- Remove the identified malicious packages immediately.
- Audit all dependencies for unauthorized modifications.
- Rotate all credentials associated with affected systems.
- Check for unauthorized changes in .bashrc, .zshrc, and .profile files.



