AI-Generated Malware Disguised as npm Package Drains Cryptocurrency Wallets

Reviewed byNidhi Govil

2 Sources

A malicious npm package, likely created using AI, has been discovered stealing cryptocurrency from users' wallets. The package, masquerading as a legitimate tool, highlights the growing threat of AI-assisted malware in software supply chains.

AI-Generated Malware Targets Cryptocurrency Wallets

In a concerning development at the intersection of artificial intelligence and cybersecurity, researchers have uncovered a malicious npm package that appears to have been generated using AI. The package, named "@kodane/patch-manager," was designed to drain cryptocurrency wallets and managed to attract over 1,500 downloads before being taken down 1.

Source: The Hacker News

Source: The Hacker News

Deceptive Packaging and Functionality

The malicious package masqueraded as a legitimate tool, claiming to offer "license validation and registry optimization" for Node.js applications. However, upon closer inspection, security researchers from Safety discovered its true nature as an "Enhanced Stealth Wallet Drainer" 2.

The malware's functionality is particularly cunning. It targets cryptocurrency wallets on Windows, macOS, and Linux systems, draining funds to a predefined address on the Solana blockchain. Interestingly, it leaves enough currency in the wallet to cover transaction fees, potentially delaying detection 1.

AI Fingerprints in the Code

What sets this malware apart is the strong indication that it was generated using AI, specifically Anthropic's Claude model. Paul McCarty, Safety's head of research, pointed out several telltale signs:

  1. Liberal use of emojis in the source code
  2. Well-written and descriptive comments throughout the code
  3. Extensive JavaScript console logging messages
  4. README.md files formatted in a style consistent with Claude-generated markdown
  5. Frequent use of the word "Enhanced," a known Claude habit 12
Source: The Register

Source: The Register

McCarty noted, "For some reason code generating AI platforms love to put emojis in source code. No developer that I know does this, unless they are 14" 1.

Implications for Software Supply Chain Security

The discovery of this AI-generated malware raises significant concerns about software supply chain security. The package's professional appearance and well-written documentation could easily deceive developers and bypass conventional security measures 2.

Of particular concern is the use of postinstall scripts, which run automatically after a package is installed. This creates a dangerous blind spot, especially in CI/CD environments where dependencies are updated routinely without direct human review 2.

Spread and Impact

The malicious package was uploaded on July 28, 2025, and flagged as malicious about two days later. In that short time, it managed to attract over 1,500 downloads. While all versions have now been removed, the actual impact remains unclear as the number of unique IP addresses that downloaded the package is unknown 12.

Future Implications

This incident highlights the growing threat of AI-assisted malware creation. As AI tools become more sophisticated and accessible, cybercriminals can potentially create more convincing and dangerous malware that can evade traditional detection methods 2.

The cybersecurity community now faces the challenge of not only monitoring for known malware but also developing strategies to detect and mitigate increasingly polished, AI-assisted threats that exploit trusted ecosystems like npm 2.

Explore today's top stories

Anthropic Revokes OpenAI's Access to Claude AI Models Amid Competitive Tensions

Anthropic has cut off OpenAI's API access to its Claude AI models, citing violations of terms of service. The move comes as OpenAI prepares to launch GPT-5, highlighting growing competition in the AI industry.

TechCrunch logoWired logoBleeping Computer logo

5 Sources

Technology

12 hrs ago

Anthropic Revokes OpenAI's Access to Claude AI Models Amid

Big Tech's AI Arms Race: $344 Billion Spending Spree in 2025

Major tech companies are investing unprecedented amounts in AI infrastructure, with combined spending expected to reach $344 billion in 2025. This massive expenditure reflects the intense competition and fear of missing out in the rapidly evolving AI landscape.

Bloomberg Business logoThe Guardian logoThe Japan Times logo

3 Sources

Business and Economy

20 hrs ago

Big Tech's AI Arms Race: $344 Billion Spending Spree in 2025

Bill Gates Warns of AI's Rapid Progress and Uncertain Timeline for Human Job Replacement

Microsoft co-founder Bill Gates expresses surprise at AI's rapid advancement and discusses its potential to replace human workers, highlighting the uncertainty surrounding the timeline for this transition.

Fortune logoBenzinga logo

2 Sources

Technology

12 hrs ago

Bill Gates Warns of AI's Rapid Progress and Uncertain

AI Startups Surge: Record-Breaking Investments and Strategic Acquisitions Shape the Industry Landscape

AI startups are experiencing unprecedented growth with record-breaking investments and strategic acquisitions, signaling a robust market despite economic uncertainties.

App Developer Magazine logoBenzinga logo

2 Sources

Startups

12 hrs ago

AI Startups Surge: Record-Breaking Investments and

AI Breakthrough: New Materials Discovered for Next-Generation Batteries

Researchers at NJIT use AI to identify five promising materials for multivalent-ion batteries, potentially revolutionizing energy storage technology and offering a sustainable alternative to lithium-ion batteries.

ScienceDaily logoTech Xplore logo

2 Sources

Science and Research

12 hrs ago

AI Breakthrough: New Materials Discovered for
TheOutpost.ai

Your Daily Dose of Curated AI News

Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.

© 2025 Triveous Technologies Private Limited
Instagram logo
LinkedIn logo