Cybersecurity researchers have flagged malicious NPM packages generated using artificial intelligence (AI) to hide cryptocurrency wallet drainers.
The package @kodane/patch-manager claims to provide “advanced license verification and registry optimization utility for high-performance node.js applications.” It was uploaded to NPM on July 28, 2025 by a user named “Kodane.” This package is no longer available for download from the registry, but not before it attracts over 1,500 downloads.
The safety of the software supply chain security company that discovered the library said malicious features were promoted directly in the source code and called “enhanced stealth wallet drainers.”
Specifically, the behavior is triggered as part of a post-install script that drops payloads within hidden directories across Windows, Linux and MacOS systems, then connects to the Command and Control (C2) server with “Sweeper-Monitor-Production.up.railway”.[.]App. “
“This script generates a unique machine ID code for the compromised host and shares it with the C2 server,” says Paul McCarty, Secure Research Director, noting that the C2 server lists two compromised machines.
In the NPM ecosystem, post-install scripts are often overlooked attack vectors. It runs automatically after the package is installed. This means you can compromise without having to run the package manually. This creates dangerous blind spots, especially in CI/CD environments where dependencies are routinely updated without direct human reviews.
Malware is designed to scan the system for the existence of wallet files, and if found, it will drain all funds from the wallet into the hard-coded wallet address of the Solana blockchain.
This is not the first time that cryptocurrency drainers have been identified in an open source repository, but what sets the @Kodane/Patch-Manager apart is a clue that suggests the use of Anthropic’s Claude AI chatbot.
This changes the pattern of emojis as “enhanced” as the existence of emojis, extensive JavaScript console logging messages, well written descriptive comments, Readme.md Markdown files written in a style that matches the Claude-generated Markdown files, and Claude calling code.
The discovery of the NPM package highlights “how they use AI-threatening AI to create more persuasive and dangerous malware.”
The incident also highlights growing concerns in software supply chain security. This security can bypass traditional defenses by making AI-generated packages look clean or useful. This will raise stocks in the package maintainer and security team. Not only malware, we need to monitor the increasingly sophisticated AI-assisted threats that leverage trusted ecosystems like NPM.
Source link
