Sequel to ChainVeil npm malware: ViteVenom

2026-07-14 Checkmarx

https://checkmarx.com/zero-post/sequel-to-chainveil-npm-malware-targets-vite-ecosystem/

Thumbnail for Sequel to ChainVeil npm malware: ViteVenom

Checkmarx identified seven malicious npm packages that impersonated Vite-related scopes and delivered an obfuscated remote-access trojan through Tron, Aptos, and Binance Smart Chain infrastructure. Shared wallets, XOR keys, loader structure, and payloads link the ViteVenom cluster to the earlier ChainVeil campaign, although the researchers cannot completely exclude a shared-service model. The article attributes the activity to a common malware operator but does not connect that operator or either campaign to North Korea.

Indicators of Compromise

Type Value First Seen Last Seen
WALLET 0x3d2075f97b7b1e3234bd653779d21… 2026-07-14 2026-07-14
WALLET 0x9d202c824402ca89e9aaccd2390b6… 2026-07-14 2026-07-14
WALLET TFMryB9m6d4kBMRjEVyFRbqKSV1cV2N… 2026-07-14 2026-07-14
WALLET TCqf6ZkaQD84vYsC2cuu1jRwB6JveTa… 2026-07-14 2026-07-14
WALLET 0x533b2dbcaeff19cd1f799234a27b5… 2026-06-16 2026-07-14
WALLET TA48dct6rFW8BXsiLAtjFaVFoSuryMj… 2026-06-16 2026-07-14
IPv4 166.88.54.158 2026-04-24 2026-07-14
IPv4 198.105.127.210 2026-03-05 2026-07-14
IPv4 23.27.202.27 2025-10-20 2026-07-14

Related Actors

Related Reports

« Back