Malicious AI-generated npm package hits Solana users


Pierluigi Paganini
August 01, 2025

AI-generated npm package @kodane/patch-manager drained Solana wallets; 1,500+ downloads before takedown on July 28, 2025.

AI-generated npm package @kodane/patch-manager was flagged for hiding malicious software to drain Solana wallets. The package was uploaded on July 28, 2025, and it was downloaded more than 1,500 times before takedown.

“The package @kodane/patch-manager is a sophisticated cryptocurrency wallet drainer with multiple malicious functions. The drainer is designed to steal funds from unsuspecting developers and their applications’ users.” reads the report published by cybersecurity firm Safety. “The package presents itself as an “NPM Registry Cache Manager” with seemingly legitimate functionality for “license validation and registry optimization.” But that’s all just a show.”

The malicious npm package uses a postinstall script to rename and hide its files in disguised cache folders across macOS, Linux, and Windows. On Windows, it hides the directories with attrib +H. It achieves persistence by running a background script (connection-pool.js) that connects to a live C2 server and sends a unique machine ID, which the server uses to track and manage multiple infected hosts.

The open C2 server used by the malicious npm package logs wallet thefts without requiring authentication. Once a wallet is found, a second script (transaction-cache.js) drains funds, leaving just enough to cover fees. Stolen Solana is sent to a hardcoded address, showing high activity likely tied to over 1,500 infected users.
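As an added defender-side example (not code from the report or from the package itself), the following Python script walks a node_modules tree, lists every install-time lifecycle hook npm would run automatically, and tags commands or bundled scripts that show the patterns described above, such as `attrib +H` or cache-named payloads. The heuristic names, the sample manifest and the `setup.js` file name are constructed for illustration.

```python
import json
import re
from pathlib import Path

# Lifecycle hooks that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed heuristics modelled on the behaviour described above: hiding files
# on Windows, detaching a background process, and disguising payloads as cache files.
HEURISTICS = {
    "hides-files": re.compile(r"attrib\s+\+h", re.IGNORECASE),
    "background-process": re.compile(r"nohup|start\s+/b|detached\s*:\s*true|\.unref\(\)", re.IGNORECASE),
    "cache-disguise": re.compile(r"cache", re.IGNORECASE),
}
# `node some/file.js` inside a hook command: a script file shipped with the package.
SCRIPT_REF = re.compile(r"\bnode\s+([\w./\\-]+\.[cm]?js)\b")

def audit_manifest(manifest, pkg_dir=None):
    """Return one finding per install-time hook, tagged with the heuristics it matches."""
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        text = cmd
        # If the hook only runs a file bundled with the package, scan that file's contents too.
        match = SCRIPT_REF.search(cmd)
        if match and pkg_dir is not None:
            target = Path(pkg_dir) / match.group(1)
            if target.is_file():
                text += "\n" + target.read_text(encoding="utf-8", errors="replace")
        tags = sorted(name for name, rx in HEURISTICS.items() if rx.search(text))
        findings.append({"package": manifest.get("name", "?"), "hook": hook,
                         "command": cmd, "tags": tags})
    return findings

def audit_tree(root):
    """Walk a node_modules tree and audit every package.json found in it."""
    findings = []
    for pkg_json in Path(root).rglob("package.json"):
        try:
            manifest = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        findings.extend(audit_manifest(manifest, pkg_json.parent))
    return findings

SAMPLE_MANIFEST = {"name": "constructed-example",  # constructed sample, not the real package
                   "scripts": {"postinstall": "node setup.js && attrib +H .cache", "test": "jest"}}
```

Installing with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) stops such hooks from running at all, and the audit then shows what would have executed.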

“It’s pretty rare that you get to see and play around with C2 infrastructure, but in this case the threat actor has left it open to the public.” continues the report.


The malicious npm package “@kodane/patch-manager” was published by user “Kodane,” who uploaded 19 versions in just two days starting July 28, 2025. While “Kodane” means “offspring” in Japanese, timestamps suggest a UTC+5 origin, possibly Russia, China, or India. The malware’s well-written documentation and descriptive code comments suggest it was likely AI-generated. Telltale signs include excessive console logs, emojis in code, structured markdown, and the repeated use of terms like “Enhanced”, patterns typical of AI tools like Claude.

“Whenever you point Claude at a source code file and tell it to add something, or modify it in some way, it names the new file “Enhanced <thing>” where “thing” is what it used to be named. To Claude, any time it touches code, it “enhances” it. Even when it deletes things it shouldn’t. It’s still “enhanced” to Claude.” states the report.

These clues point to the use of AI to disguise the malicious intent behind professional-looking code.

Malware developers are using AI because it helps them create more convincing, well-documented, and harder-to-detect code. AI can generate clean syntax, realistic comments, and professional-looking documentation, making malicious packages appear legitimate. This increases trust and download rates before detection and removal.

The researchers also published Indicators of Compromise (IOCs) for this threat.
