Home/News/Seven Malicious Vite npm Packages Use Blockchain C2
The Hacker News3 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

Seven Malicious Vite npm Packages Use Blockchain C2

Seven Malicious Vite npm Packages Use Blockchain C2

Cybersecurity researchers have identified seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The campaign, codenamed ViteVenom by Checkmarx, utilizes an "unprecedented" four-tier blockchain-based command-and-control (C2) infrastructure. This infrastructure spans multiple blockchain networks, including Tron, BNB Smart Chain, Polygon, and Ethereum, to manage the malicious activity and deliver a remote access trojan (RAT).

The discovered packages, including `vite-plugin-inspect`, `vite-plugin-vue-jsx`, `vite-plugin-windicss`, `vite-plugin-stylelint`, `vite-plugin-checker`, `vite-plugin-html`, and `vite-plugin-inspect-vue`, were found to contain malicious code designed to compromise developer systems. Upon installation, these packages attempt to establish communication with the blockchain-based C2 servers. The attackers leverage smart contracts on these blockchains to store and retrieve C2 server addresses, making the infrastructure highly resilient and difficult to disrupt.

Checkmarx's analysis indicates that the ViteVenom campaign is an evolution of a previously observed threat known as ChainVeil. The use of blockchain technology for C2 communication represents a significant advancement in the sophistication of software supply chain attacks. This method allows attackers to maintain control over compromised systems while evading traditional security measures that typically monitor network traffic for C2 communication. The RAT deployed by these packages is capable of executing arbitrary commands on the victim's machine, potentially leading to data theft, further malware deployment, or system takeover.

The researchers advise developers using the Vite build tool to exercise extreme caution and thoroughly vet all npm packages before integration into their projects. Verifying package authenticity, checking for recent updates, and reviewing package code for suspicious behavior are crucial steps in mitigating the risk of such supply chain attacks. The findings highlight the growing threat landscape in open-source software development and the need for enhanced security practices within the developer community.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next