
Seven malicious npm packages impersonating Vite’s official @vitejs/* namespace were published to npm between June 29 and July 3, and they’ve been delivering a remote access trojan through an infrastructure nobody can shut down: the Tron, Binance Smart Chain, and Aptos blockchains. Checkmarx named the campaign ViteVenom — an expansion of an earlier operation called ChainVeil, attributed to a threat actor dubbed SuccessKey. The packages collected around 2,600 downloads before removal. If your team added any @vite-* scoped package over the last three weeks, treat it as compromised until proven otherwise.
The Seven Packages
All seven impersonate the @vitejs/* namespace — the same scope used by the official Vite organization for packages like @vitejs/plugin-react and @vitejs/plugin-vue. The fakes:
@uw010010/vite-tree(1,070 downloads)@vite-tab/tab(289 downloads)@vite-ln/build-ts(252 downloads)@vite-mcp/vite-type(239 downloads)@vite-pro/vite-ui(200 downloads)@vitets/vite-ts(194 downloads)@vite-ts/vite-ui(176 downloads)
None of these come from the official Vite team. The real @vitejs packages are listed at npmjs.com/org/vitejs. Anything using a variation of the pattern — different prefix, numeric suffix, duplicated scope — is a red flag.
Why This Attack Is Different: Blockchain C2
Most supply chain attacks use conventional command-and-control servers. Security teams take down the C2 domain, the malware goes silent, the campaign ends. ViteVenom doesn’t work that way.
The malware retrieves its instructions from blockchain transactions — specifically a four-tier infrastructure: the malware first queries the attacker’s Tron wallet for the latest transactions, decodes those memo fields to get Binance Smart Chain transaction hashes, retrieves the encrypted payload from the BSC transaction input data, and decrypts it locally. If Tron is unavailable, it falls back to Aptos. If the blockchain approach fails entirely, it falls back to a direct HTTP request to a C2 server.
The point that matters: blockchain transactions are immutable. There is no domain to seize, no registrar to call, no server to null-route. As Checkmarx researcher Pavan Gudimalla put it: “The attacker stores payload pointers as transaction data on public blockchains rather than on domain names that can be seized, making the infrastructure nearly impossible to take down.” Even with every package removed from npm, the attack infrastructure remains fully operational.
This is the second confirmed blockchain C2 technique in a major npm supply chain attack this year. The first used Internet Computer Protocol canisters in a compromised Trivy binary. The technique is spreading — and it fundamentally changes how difficult these campaigns are to shut down.
The Detection Gap: Import Time, Not Install Time
Here’s why your existing tooling probably didn’t catch this. The malicious code doesn’t run when you run npm install. It waits until the module is imported in your application.
npm audit, pre-install hook scanners, and most CI/CD security steps execute during the install phase. ViteVenom deliberately sidesteps this. By the time the payload triggers, your install-time tools are long done and their logs are clean. You’d need runtime analysis or deep static analysis of the imported module to catch it — neither of which is standard practice in most frontend pipelines.
What the RAT Does
If the payload executes successfully, the attacker gains:
- A reverse shell — full command execution on the developer’s machine
- Credential harvesting — API keys, SSH keys, browser-stored passwords,
.envfiles - File exfiltration — source code and configuration sent to the attacker
- Persistent backdoor — modifications to
.bashrc,.zshrc, and.profile
Developer machines are a richer target than production servers in some ways: they hold secrets for multiple environments, have broad access to internal tools, and typically run with fewer security controls than production infrastructure.
Why Vite?
Vite now sees around 84 million npm downloads per week. It’s the default build tool for Vue, Svelte, React (since Create React App was deprecated), and Astro. Cloudflare acquired VoidZero — the company behind Vite — in June 2026, raising the project’s profile further.
All of this makes the @vitejs namespace a premium impersonation target. Developers install Vite plugins routinely; an unfamiliar @vite-* scoped package doesn’t immediately raise alarms, especially when it appears in an AI coding agent suggestion or a copied snippet from a tutorial.
What to Do Right Now
First, audit your dependencies for the flagged packages:
npm ls | grep @vite
# or scan directly
grep -r "@vite-\|@vitets\|@uw010010" package.json package-lock.json
If any match appears: remove the package immediately, rotate all credentials accessible from that machine (API keys, tokens, SSH keys), and check for persistence:
grep -E "vite-tree|vite-tab|vite-mcp|vite-pro|vitets" ~/.bashrc ~/.zshrc ~/.profile
Going forward, consider adding Socket to your npm workflow — it provides supply chain risk analysis beyond what npm audit covers, including import-time behavior detection. The full Checkmarx report via The Hacker News includes indicators of compromise you can run against your logs.
The broader lesson from ViteVenom: npm audit alone is no longer sufficient. Supply chain attacks have evolved past install-time execution and are now running C2 on infrastructure that’s immune to domain seizure. Any unknown scoped package deserves verification against the official org page — not just a name match — before installation.













