Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer.
The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The package is no longer available for download from the registry, but not before it attracted over 1,500 downloads.
Software supply chain security company Safety, which discovered the library, said the malicious features are advertised directly in the source code, calling it an “enhanced stealth wallet drainer.”
Specifically, the behavior is triggered as part of a postinstall script that drops its payload within hidden directories across Windows, Linux, and macOS systems, and then proceeds to connect to a command-and-control (C2) server at “sweeper-monitor-production.up.railway[.]app.”
“The script generates a unique machine ID code for the compromised host and shares that with the C2 server,” Paul McCarty, head of research at Safety, said, noting that the C2 server lists two compromised machines.
In the npm ecosystem, postinstall scripts are often overlooked attack vectors—they run automatically after a package is installed, meaning users can be compromised without ever executing the package manually. This creates a dangerous blind spot, especially in CI/CD environments where dependencies are updated routinely without direct human review.
The malware is designed to scan the system for the presence of a wallet file, and if found, it proceeds to drain all funds from the wallet to a hard-coded wallet address on the Solana blockchain.
While this is not the first time cryptocurrency drainers have been identified in open-source repositories, what makes @kodane/patch-manager stand out are clues that suggest the use of Anthropic’s Claude AI chatbot to generate it.
This includes the presence of emojis, extensive JavaScript console logging messages, well-written and descriptive comments, the README.md markdown file written in a style that’s consistent with Claude-generated markdown files, and Claude’s pattern of calling code changes as “Enhanced.”
The discovery of the npm package highlights “how threat actors are leveraging AI to create more convincing and dangerous malware,” McCarty said.
The incident also underlines growing concerns in software supply chain security, where AI-generated packages may bypass conventional defenses by appearing clean or even helpful. This raises the stakes for package maintainers and security teams, who now need to monitor not just known malware, but increasingly polished, AI-assisted threats that exploit trusted ecosystems like npm.
