Hackers Leverage AI to Craft Malicious NPM Package That Drains Crypto Wallets
Security researchers at Safety have uncovered an AI-generated malicious NPM package dubbed @kodane/patch-manager, engineered as an advanced cryptocurrency wallet drainer.
This package, posing as a benign “NPM Registry Cache Manager” for license validation and registry optimization, embeds sophisticated mechanisms to siphon funds from developers’ and users’ crypto wallets.
Published under the NPM username “Kodane,” the malware’s source code brazenly self-identifies as the “ENHANCED STEALTH WALLET DRAINER” in its internal documentation, revealing its true intent despite elaborate disguises.
The package’s postinstall script, executed via Node.js, initiates the infection chain by renaming and making executable key files monitor.js, sweeper.js, and utils.js before installing them into hidden directories mimicking legitimate NPM cache paths.
On macOS, it targets ~/Library/Application Support/npm/registry-cache/; on Linux, ~/.local/share/npm/registry-cache/; and on Windows, %APPDATA%\npm\registry-cache\, where it further conceals the directory with the attrib +H command, which sets the hidden attribute.
Sophisticated Wallet Drainer
Once deployed, the malware achieves persistence by spawning a detached background process from connection-pool.js, which establishes communication with a command-and-control (C2) server at https://sweeper-monitor-production.up.railway.app.
This script generates a unique machine identifier for the compromised host and relays it to the C2, which remains publicly accessible without authentication, managing multiple infected systems.
Researchers observed active “funding events” on the server, with logs indicating recent compromises on hosts like SmFtZXNz and bG9jYWxo, though the operator periodically clears records.
Upon detecting wallet files, the process hands off to transaction-cache.js, which performs the actual draining: identifying assets, calculating transfer fees, and sweeping the majority of funds while leaving just enough to cover transaction costs.

Utilizing a hardcoded Solana RPC endpoint at https://mainnet.helius-rpc.com/?api-key=97188cdf-0b78-4cba-86f9-c4bbbd44c6aa, it funnels stolen assets to the address B2XwbrGSXs3LAAcqFqKqGUug5TFA1Bug2NNGH3F3mWNK, which exhibits high transaction volume suggestive of widespread exploitation.
The malware’s creator, potentially from a UTC+5 timezone region such as Russia, China, or India based on publication timestamps, released 19 versions starting July 28, 2025.
The package amassed over 1,500 downloads before NPM flagged it as malicious on July 30, 2025, at 4:56 PM AEST, rendering it unavailable.
Analysis of timestamps and the name “Kodane” (Japanese for “child”) offers limited insights into the actor’s origin, but the code’s polish points to AI assistance.
Clues Pointing to AI-Generated Malware Code
Several hallmarks in the package’s structure betray its AI origins, likely from tools like Claude.
The source code features excessive emojis, atypical for professional developers, alongside verbose console.log statements that redundantly echo comments.
Comments are overly abundant and lucid, following a uniform pattern across files contrasting with the cryptic, team-specific notes in human-authored code.
The README.md employs consistent markdown styling with numerous inline code snippets, a signature of AI generation. Notably, the malware labels itself “Enhanced,” a common AI convention for modified outputs.
This AI leverage enables threat actors to produce convincing, professional-grade documentation and code, evading initial scrutiny while embedding stealthy persistence and exfiltration logic.
Such tactics underscore the growing risk of AI-amplified malware in supply chain attacks, where seemingly legitimate packages can compromise development environments and downstream users.
Indicators of Compromise (IOCs)
| Category | IOC Details |
|---|---|
| NPM Packages | @kodane/patch-manager |
| Files (SHA-256) | 7a0a3e64ecb4212ce08315400ed7ed79617843e2bc4326439ca8b81d1960ecbc (monitor.js) |
| | 3aa51674e3d46062b6de2cfd6c20f8b70fef2b6a28add462a870f686e387f9de (sweeper.js) |
| | e8e5ace2a791d519e69c547e1a8491bf6a5d3060c080ff7e8350b86f2a0aab30 (utils.js) |
| | f64a8ac3604c712fc1ace85c3262da3dfe693a4b4082f7365f849eea6908ee8b (post-install.js) |
| Email Addresses | [email protected] |
| Domains/URLs | https://sweeper-monitor-production.up.railway.app |
| | https://sweeper-monitor.railway.app |
| | http://va.vision-node.com:8899 |