Cybersecurity researchers discovered an AI-generated malicious npm package, @kodane/patch-manager, that secretly drains cryptocurrency wallets. This incident underscores the emerging threat of AI-crafted malware exploiting supply chain vulnerabilities. #npm #AIgeneratedMalware
Keypoints
- An AI-created npm package was found to contain hidden cryptocurrency wallet drainers.
- The malicious package activates via postinstall scripts, affecting Windows, Linux, and macOS systems.
- The malware connects to a C2 server, generating a machine ID and stealing wallet funds on the Solana blockchain.
- The package shows signs of using Anthropicβs Claude AI chatbot for its sophisticated features and style.
- This incident highlights the risks of AI-generated malware bypassing traditional security measures in open-source ecosystems.
Read More: https://thehackernews.com/2025/08/ai-generated-malicious-npm-package.html