AI-Generated Malware Disguised as npm Package Drains Cryptocurrency Wallets

Emoji use suggests crypto-stealing NPM package was AI-made

Kodane code was either machine-generated or done by a teenager An NPM package packed with cryptocurrency-stealing malware appears to have been largely AI-generated, as evidenced by its liberal use of emojis and other telltale signs. Security shop Safety found the Kodane attack code in an npm module masquerading as "NPM Registry Cache Manager," which claimed to offer "license validation and registry optimization" for Node.js apps. But when they dug into it, the source code made very clear what the actual purpose of the software was - in the markdown docs it calls itself Enhanced Stealth Wallet Drainer and, when activated, will empty any cryptocurrency wallet it can find in Windows, macOS, and Linux systems, and send the currency to an address on the Solana blockchain. Judging from the transaction details, the criminal behind the code has had a lot of success, as you can see from the list of successful transactions below. It's a cunning piece of malware, taking most of the money out of any crypto wallet it finds but leaving enough in there to cover the transaction fees when the main loot is removed. In all, 19 packages of the code were spammed out over the space of two days. Although Kodane is the Japanese word for child, the UTC +5 malware upload time suggests the operator could be based in Russia or Central Asia. "The documentation included in the package is professionally written and contains believable technical details, and avoids typical red flags that might alert developers," wrote Paul McCarty, Safety's head of research. "Similarly, the comments through the code are well written, in English, and describe the functions well. What might initially seem legitimate is actually evidence that the malware creator probably used AI to generate convincing technical documentation that disguises the true purpose of the code." A more detailed breakdown of the code gives even further indication that AI was used to write large chunks of it. One key giveaway is the use of emojis - something no serious developer really does. "For some reason code generating AI platforms love to put emojis in source code. No developer that I know does this, unless they are 14," McCarty opined. "Claude, however, does this every time I use it. It's obsessed with emojis, I swear." There are other signs that look like the fingerprints of the Claude model. For example, the code contains a number of markdown files that are formatted in the way the AI engine likes to do it, and makes frequent use of the word "Enhanced," which is another Claude habit. There are also a lot of comments included in the code, and McCarty points out that they are well written - "totally unlike real comments made by humans," he explained. It also has a lot of messages in console.log, another favorite habit for AI-generated code that human developers tend to keep to a minimum. Someone uploaded the malware on July 28, and security teams flagged it as malicious about two days later. All versions have now been removed, but McCarty said that more than 1,500 downloads had occurred, although Safety didn't say from how many individual IP addresses. ®

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown

Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performance Node.js applications." It was uploaded to npm by a user named "Kodane" on July 28, 2025. The package is no longer available for download from the registry, but not before it attracted over 1,500 downloads. Software supply chain security company Safety, which discovered the library, said the malicious features are advertised directly in the source code, calling it an "enhanced stealth wallet drainer." Specifically, the behavior is triggered as part of a postinstall script that drops its payload within hidden directories across Windows, Linux, and macOS systems, and then proceeds to connect to a command-and-control (C2) server at "sweeper-monitor-production.up.railway[.]app." "The script generates a unique machine ID code for the compromised host and shares that with the C2 server," Paul McCarty, head of research at Safety, said, noting that the C2 server lists two compromised machines. In the npm ecosystem, postinstall scripts are often overlooked attack vectors -- they run automatically after a package is installed, meaning users can be compromised without ever executing the package manually. This creates a dangerous blind spot, especially in CI/CD environments where dependencies are updated routinely without direct human review. The malware is designed to scan the system for the presence of a wallet file, and if found, it proceeds to drain all funds from the wallet to a hard-coded wallet address on the Solana blockchain. While this is not the first time cryptocurrency drainers have been identified in open-source repositories, what makes @kodane/patch-manager stand out are clues that suggest the use of Anthropic's Claude AI chatbot to generate it. This includes the presence of emojis, extensive JavaScript console logging messages, well-written and descriptive comments, the README.md markdown file written in a style that's consistent with Claude-generated markdown files, and Claude's pattern of calling code changes as "Enhanced." The discovery of the npm package highlights "how threat actors are leveraging AI to create more convincing and dangerous malware," McCarty said. The incident also underlines growing concerns in software supply chain security, where AI-generated packages may bypass conventional defenses by appearing clean or even helpful. This raises the stakes for package maintainers and security teams, who now need to monitor not just known malware, but increasingly polished, AI-assisted threats that exploit trusted ecosystems like npm.