ViteVenom is a malicious npm package cluster targeting developers in the Vite JavaScript build-tool ecosystem. It is associated with a software supply-chain intrusion in which typosquatted or impersonating scoped packages executed malicious code at import time and delivered a remote access trojan. The operation is assessed with high confidence to be linked to the earlier ChainVeil campaign, based on shared blockchain-based command-and-control infrastructure, identical decryption keys, and the same final RAT payload; some reporting also attributes the activity to the threat actor SuccessKey.
The malware chain uses a resilient multi-stage retrieval architecture built around public blockchains, including Tron, Aptos, and Binance Smart Chain, with an additional direct network fallback. The loader obtains transaction data from attacker-controlled blockchain artifacts, transforms that data into pointers for subsequent stages, retrieves encrypted payloads from blockchain transactions, decrypts them with hard-coded XOR keys, and executes the resulting code. One stage executes payloads directly in the main process, while another can launch a detached hidden child Node.js process and fall back to in-process execution if process creation fails. The campaign also used anti-analysis and anti-tampering measures, including obfuscated strings, concealed sensitive keywords, and replay-avoidance logic.
The delivered payload is a RAT that supports reverse shell access, credential theft, file exfiltration, and persistence. Reported post-compromise risks include theft of browser sessions, SSH keys, npm tokens, cloud credentials, API keys, and source code repositories from developer workstations, creating potential downstream exposure across CI/CD environments and software publishing pipelines. Persistence has been reported through modification of shell startup files on affected systems.
ViteVenom primarily targeted developer endpoints rather than end-user systems, especially environments building frontend projects with Vite. The campaign used package names resembling legitimate Vite-related tooling and mixed malicious and clean releases in at least one package lineage, likely to reduce suspicion and evade superficial review. The identified packages were removed from npm in early July 2026, but the broader backend infrastructure remained active, indicating an ongoing operator capability beyond the initial package takedowns.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
1 distinct threat actor attributed by public researchers. Open in Mallory to see the full evidence chain and overlapping campaigns.
The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an "unprecedented" four-tier blockchain-based command-and-control (C2) infrastructure ... to deliver a remote access trojan (RAT) capable reverse shell, credential harvesting, file exfiltration, and persistent backdoor injection.
15 distinct techniques documented for this family, organized by ATT&CK tactic.
ViteVenom is a cluster of seven malicious scoped npm packages published in late June and early July 2026... Scoped packages look more trustworthy in a package.json because they appear to belong to an organization — making this a step up in social engineering from ChainVeil’s approach.
A self-executing function takes a 653-character scrambled string and seed 4606094, applies a deterministic character-swap algorithm, and produces an array of 63 strings... Every sensitive value — URLs, blockchain addresses, XOR keys — is accessed by index lookup rather than written in plain text.
ViteVenom uses scoped package names such as @vite-pro/vite-ui and @vitets/vite-ts that mimic the legitimate @vitejs/* namespace.
If the Tron-based payload retrieval method fails, the malware uses Aptos as a backup.
The loader does not simply download a payload from one domain. It queries a Tron transaction, decodes transaction data to obtain a Binance Smart Chain transaction hash, extracts encrypted payload data from the BSC transaction, and decrypts it with a hard-coded key. If the Tron route fails, the malware can use Aptos as a backup path.
using an "unprecedented" four-tier blockchain-based command-and-control (C2) infrastructure spanning Tron, Aptos, and Binance Smart Chain to deliver a remote access trojan
12 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.
IPs, domains, and DNS infrastructure linked to this family.
File hashes (MD5, SHA-1, SHA-256) from samples and reports.
Other indicator types observed in public reporting.
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A developer-targeting npm supply-chain malware cluster that masquerades as Vite-related packages and delivers a remote access trojan. It uses blockchain-based C2/payload routing via Tron, Aptos, and Binance Smart Chain, with HTTP fallback, and supports remote shell access, credential theft, file exfiltration, and persistence.
A malicious npm supply-chain campaign targeting the Vite ecosystem. It uses scoped typosquat packages and a blockchain-backed multi-tier C2 design to retrieve and decrypt next-stage payloads, launch a RAT, enable reverse shell access, harvest credentials, exfiltrate files, and establish persistence via backdoor injection.
A malicious npm package cluster targeting the Vite ecosystem. It disguises itself as Vite-related scoped packages, uses obfuscated JavaScript in bin/vite.js, resolves staged payloads through a blockchain-based C2 chain using Tron, Aptos, and BSC, executes one payload via eval and another via a detached hidden child process, and ultimately delivers a 77KB RAT with persistence and direct C2 communications.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.