Security · 1h ago
Malicious npm Packages Use Blockchain C2 to Deliver RAT
Seven malicious npm packages targeting the Vite ecosystem were discovered in a supply chain attack dubbed ViteVenom. The campaign uses a four-tier blockchain-based command-and-control infrastructure spanning Tron to deliver a remote access trojan. Checkmarx researchers identified the packages as an expansion of the ChainVeil operation.
Meridian48 take
The use of blockchain for C2 adds a layer of stealth that makes takedowns harder, but the real story is how easily such packages slip into the npm registry.
Read the full reporting
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT →
The Hacker News
supply-chain-attacknpm-malware