SuccessKey ViteVenom ChainVeil supply-chain campaign targeting Vite developers
Campaign
Summary
Hide ▲
Show ▼
The SuccessKey-linked ViteVenom campaign is targeting Vite developers with seven malicious npm packages and a blockchain-based C2 path that delivers a RAT. The operation matters because it uses typosquatted package names and public-chain infrastructure to make takedown and detection harder while enabling credential harvesting and file exfiltration.
Related Happenings
ViteVenom malicious npm packages delivering blockchain-backed RAT
Malware Activity
H score3
First: 17.07.2026 21:54
Last: 17.07.2026 21:54
Sources 1
How related:
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack.
About this happening:
A cluster of seven malicious npm packages has targeted the Vite frontend ecosystem, delivering a blockchain-backed RAT loader that can harvest credentials and exfiltra...
ViteVenom malicious npm packages delivering blockchain-backed RAT
Malware ActivityHow related: Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack.
About this happening: A cluster of seven malicious npm packages has targeted the Vite frontend ecosystem, delivering a blockchain-backed RAT loader that can harvest credentials and exfiltra...
Compromised @asyncapi npm packages distributing the Miasma loader
Malware Activity
H score29
First: 15.07.2026 12:16
Last: 15.07.2026 12:16
Sources 1
About this happening:
Four compromised @asyncapi npm packages now deliver a multi-stage botnet loader when imported, exposing consumers to Miasma payloads during normal Node.js module load....
Compromised @asyncapi npm packages distributing the Miasma loader
Malware ActivityAbout this happening: Four compromised @asyncapi npm packages now deliver a multi-stage botnet loader when imported, exposing consumers to Miasma payloads during normal Node.js module load....
@Injectivelabs/[email protected] wallet-stealing package
Malware Activity
H score30
First: 10.07.2026 20:29
Last: 10.07.2026 20:29
Sources 1
About this happening:
The malicious @injectivelabs/[email protected] package is a wallet-stealing malware activity that can expose private keys and mnemonic seed phrases when library functions...
@Injectivelabs/[email protected] wallet-stealing package
Malware ActivityAbout this happening: The malicious @injectivelabs/[email protected] package is a wallet-stealing malware activity that can expose private keys and mnemonic seed phrases when library functions...
Malicious npm and PyPI payment SDK typosquat packages
Malware Activity
H score40
First: 09.07.2026 18:09
Last: 09.07.2026 18:09
Sources 1
About this happening:
The 17 malicious npm and PyPI packages targeted Paysafe, Skrill, and Neteller SDKs to steal system information and developer secrets, then send the data to an Ng...
Malicious npm and PyPI payment SDK typosquat packages
Malware ActivityAbout this happening: The 17 malicious npm and PyPI packages targeted Paysafe, Skrill, and Neteller SDKs to steal system information and developer secrets, then send the data to an Ng...
Rollup polyfill npm package malware activity for remote access and data theft
Malware Activity
H score16
First: 03.07.2026 19:07
Last: 03.07.2026 19:07
Sources 1
About this happening:
Malicious npm packages disguised as Rollup polyfill tooling are now delivering remote-access and data-theft payloads to developer workstations and build machines. The...
Rollup polyfill npm package malware activity for remote access and data theft
Malware ActivityAbout this happening: Malicious npm packages disguised as Rollup polyfill tooling are now delivering remote-access and data-theft payloads to developer workstations and build machines. The...
Timeline
-
17.07.2026 21:54 1 articles · 2h ago
SuccessKey-linked ViteVenom wallets are activated
Exploitation ObservedCryptocurrency wallets linked to ViteVenom were activated on February 27, 2026, showing malicious activity tied to the SuccessKey-attributed campaign before the later discovery of the npm package cluster.
Show sources
- Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT — thehackernews.com — 17.07.2026 21:54
-
17.07.2026 21:54 1 articles · 2h ago
Checkmarx identifies seven malicious Vite npm packages
Initial DisclosureCheckmarx identified seven malicious npm packages aimed at the Vite frontend tooling ecosystem, said the campaign is attributed to SuccessKey, and described scoped typosquats that impersonate the "@vitejs/*" namespace while using a four-tier blockchain C2 across Tron, Aptos, and Binance Smart Chain to deliver a RAT with reverse shell access, credential harvesting, file exfiltration, and persistent backdoor injection. The packages were published between June 29 and July 3, 2026, and the malicious code executes at import time rather than install time.
Show sources
- Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT — thehackernews.com — 17.07.2026 21:54