✦ For YouGeopoliticsTechFinanceHealthEnergySportsCulture◆ SN Last Week★ Saved

7 Malicious Vite npm Packages Use Blockchain C2 to Drop RAT

By The Hacker News · Summarized & edited by · 2026-07-18
7 Malicious Vite npm Packages Use Blockchain C2 to Drop RAT

Get the Tech newsletter

Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.

Why it matters: Developers who installed the seven packages — published between June 29 and July 3, 2026 with up to 1,070 downloads each — may have silently handed attackers reverse shells, credentials, and persistent backdoors, with malicious shell-file modifications hiding future access. By storing C2 pointers on public blockchains instead of domains, the attacker eliminates the traditional takedown lever, and shared infrastructure with ChainVeil shows one operator is methodically iterating across ecosystems.

Share this story

More tech → Read original →

Get the Tech newsletter

Curated tech stories, every morning. Free.

No spam. Unsubscribe anytime.