Vite and npm under fire: malicious packages hid RAT via blockchain C2

Colleagues, I’d like to flag a cybersecurity incident: seven malicious npm packages were found in the Vite ecosystem.
This is a classic supply-chain attack, with an unusual control channel. For C2, the threat actors used Tron, Aptos and Binance Smart Chain.
The code did not trigger during installation; it activated on import. It then downloaded a loader and a RAT capable of collecting credentials, exfiltrating files and persisting on the system.
If any of these packages were installed, I would remove them immediately, review dependencies, rotate credentials and inspect .bashrc, .zshrc and .profile.
Why it matters: attacks via public repositories and blockchain-based C2 are harder to detect and nearly impossible to shut down.
Do you review dependencies in your projects?
#cybersecurity #npm #Vite #SupplyChain


Latest comments
No comments yet.