Redazione RHC : 3 August 2025 11:31
Researchers have identified a new threat in the npm ecosystem: a malicious AI-generated package called @kodane/patch-manager, designed to steal cryptocurrency. Presented as a library for “advanced license control and registry optimization for high-performance Node.js applications,” it was uploaded by a user named Kodane on July 28, 2025, and downloaded more than 1,500 times before being removed from the public registry.
According to Safety, a company specializing in software supply chain protection, the malicious activity is embedded directly in the source code and disguises itself as “advanced stealth wallet emptying.” The infection occurs in the postinstall phase, where the script automatically executes immediately after the package is installed, which is particularly dangerous in opaque CI/CD processes where dependencies are updated without human intervention. Therefore, the system can be compromised without manually executing the code.
The malware component creates a unique machine identifier and transmits it to the sweeper-monitor-production.up.railway.app command server. The server records the compromised hosts; at least two were registered at the time of analysis. The script distributes the payload to hidden directories on Windows, Linux, and macOS systems, making it difficult to detect.
Next, the device is scanned for cryptocurrency wallets. If a local wallet file is detected, the drainer automatically withdraws all funds to a predefined address in the Solana blockchain. The mechanism works autonomously and does not require user interaction, making the attack particularly effective.
Of particular interest is the fact that the package appears to have been generated partially or entirely using Anthropic’s Claude chatbot. This is indicated by the following telltale signs: emojis in the logs, overly detailed and well-structured comments in the code, numerous self-explanatory console messages, and a README file formatted in the style of Claude’s typical templates. Additionally, code changes are often marked with the word “Enhanced,” a well-established build pattern for Claude.
According to analysts, the attack highlights the rapidly growing risk of using neural networks to create malicious code—and not just any code, but carefully crafted, plausible, and often seemingly “useful” code. This complicates the task of security teams and support developers: a threat can masquerade as a legitimate library, pass screening, and enter production without obvious signs of maliciousness.
Redazione