AI-Generated Malware Disguised as npm Package Drains Cryptocurrency Wallets

Reviewed by Nidhi Govil

2 Sources

A malicious npm package, likely created using AI, has been discovered stealing cryptocurrency from users' wallets. The package, masquerading as a legitimate tool, highlights the growing threat of AI-assisted malware in software supply chains.

AI-Generated Malware Targets Cryptocurrency Wallets

In a concerning development at the intersection of artificial intelligence and cybersecurity, researchers have uncovered a malicious npm package that appears to have been generated using AI. The package, named "@kodane/patch-manager," was designed to drain cryptocurrency wallets and managed to attract over 1,500 downloads before being taken down 1.

Source: The Hacker News

Deceptive Packaging and Functionality

The malicious package masqueraded as a legitimate tool, claiming to offer "license validation and registry optimization" for Node.js applications. However, upon closer inspection, security researchers from Safety discovered its true nature as an "Enhanced Stealth Wallet Drainer" 2.

The malware's functionality is particularly cunning. It targets cryptocurrency wallets on Windows, macOS, and Linux systems, draining funds to a predefined address on the Solana blockchain. Interestingly, it leaves enough currency in the wallet to cover transaction fees, potentially delaying detection 1.

AI Fingerprints in the Code

What sets this malware apart is the strong indication that it was generated using AI, specifically Anthropic's Claude model. Paul McCarty, Safety's head of research, pointed out several telltale signs:

  1. Liberal use of emojis in the source code
  2. Well-written and descriptive comments throughout the code
  3. Extensive JavaScript console logging messages
  4. README.md files formatted in a style consistent with Claude-generated markdown
  5. Frequent use of the word "Enhanced," a known Claude habit 12

Source: The Register

McCarty noted, "For some reason code generating AI platforms love to put emojis in source code. No developer that I know does this, unless they are 14" 1.

Implications for Software Supply Chain Security

The discovery of this AI-generated malware raises significant concerns about software supply chain security. The package's professional appearance and well-written documentation could easily deceive developers and bypass conventional security measures 2.

Of particular concern is the use of postinstall scripts, which run automatically after a package is installed. This creates a dangerous blind spot, especially in CI/CD environments where dependencies are updated routinely without direct human review 2.
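One way to close that blind spot in a pipeline is to audit the lockfile before anything is installed. The sketch below is an added example, not code from Safety or from the sources cited here. It relies on the `hasInstallScript` flag that npm records in `package-lock.json` (lockfile v2/v3) for packages declaring preinstall, install or postinstall scripts. The function names, the allowlist and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: the sample lockfile is constructed, not taken from the incident.
const KNOWN_BAD = new Set(["@kodane/patch-manager"]); // package name reported in the article

// Lockfile keys are install paths; the package name follows the last "node_modules/".
// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(lockKey) {
  const marker = "node_modules/";
  const i = lockKey.lastIndexOf(marker);
  return i === -1 ? lockKey : lockKey.slice(i + marker.length);
}

// Returns entries that are known-bad, or that run install-time scripts
// without being on the reviewed allowlist (hypothetical, maintained by the team).
function auditLockfile(lock, allowedInstallScripts = []) {
  const allowed = new Set(allowedInstallScripts);
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry, not a dependency
    const name = packageName(key);
    if (KNOWN_BAD.has(name)) {
      findings.push({ name, version: meta.version, path: key, reason: "known-malicious" });
    } else if (meta.hasInstallScript === true && !allowed.has(name)) {
      findings.push({ name, version: meta.version, path: key, reason: "unreviewed-install-script" });
    }
  }
  return findings;
}

// Constructed sample lockfile; all names except the reported one are hypothetical
// and every version is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "1.0.0" },
    "node_modules/native-addon": { version: "2.0.0", hasInstallScript: true },
    "node_modules/left-helper/node_modules/@example/optimizer": { version: "0.0.1", hasInstallScript: true },
    "node_modules/@kodane/patch-manager": { version: "0.0.0-placeholder", hasInstallScript: true },
  },
};

// In CI, pass the parsed package-lock.json instead and fail the job on any finding.
const findings = auditLockfile(SAMPLE_LOCK, ["native-addon"]);
for (const f of findings) console.log(`${f.reason}: ${f.name}@${f.version} (${f.path})`);
```

Running the install step with `npm ci --ignore-scripts` complements this check, since lifecycle scripts are then skipped entirely and only reviewed packages need their scripts run explicitly.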

Spread and Impact

The malicious package was uploaded on July 28, 2025, and flagged as malicious about two days later. In that short time, it managed to attract over 1,500 downloads. While all versions have now been removed, the actual impact remains unclear as the number of unique IP addresses that downloaded the package is unknown 12.

Future Implications

This incident highlights the growing threat of AI-assisted malware creation. As AI tools become more sophisticated and accessible, cybercriminals can potentially create more convincing and dangerous malware that can evade traditional detection methods 2.

The cybersecurity community now faces the challenge of not only monitoring for known malware but also developing strategies to detect and mitigate increasingly polished, AI-assisted threats that exploit trusted ecosystems like npm 2.
