Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Summary

Researchers have uncovered seven malicious npm packages targeting the Vite frontend tooling ecosystem, named ViteVenom by Checkmarx. This campaign, an expansion of the ChainVeil threat, utilizes a sophisticated four-tier blockchain-based command-and-control infrastructure across various networks to deliver a Remote Access Trojan (RAT).

IFF Assessment

FOE

The discovery of new malicious packages designed for software supply chain attacks and the use of advanced C2 infrastructure indicates a growing threat to software development and deployment pipelines.

Defender Context

This attack highlights the persistent risks associated with software supply chain compromises, emphasizing the need for thorough vetting of dependencies, especially those targeting popular development tools like Vite. Defenders should monitor for unusual network activity and be prepared to investigate potential RAT infections stemming from compromised packages.

Read Full Story →