Malicious AI-Generated npm Package Targets Solana Users
An AI-generated npm package named @kodane/patch-manager was identified as a malicious tool actively draining Solana wallets. It was uploaded on July 28, 2025, and downloaded over 1,500 times before it was removed from the registry.
The package masqueraded as an “NPM Registry Cache Manager,” claiming to offer license validation and registry optimization. However, its true function was to steal cryptocurrency from developers and users of affected applications.
How the Malware Operated
The malicious package used a post-install script to rename files and conceal them in disguised cache folders across macOS, Linux, and Windows systems. On Windows, it employed the attrib +H command to hide directories.
Persistence was maintained through a background script called connection-pool.js. This script connected to an openly accessible command and control (C2) server and reported a unique machine ID, which let the operator track and manage multiple infected hosts. The C2 server logged wallet thefts without requiring authentication.
Once a wallet was detected, another script, transaction-cache.js, executed fund transfers. It drained the wallet, leaving just enough balance to cover transaction fees. The stolen Solana tokens were sent to a hardcoded address, which showed high activity consistent with over 1,500 compromised users.
Open C2 Infrastructure Left Exposed
Interestingly, the threat actor left the C2 infrastructure publicly accessible, allowing researchers to observe the attack's scope firsthand. This openness is unusual and provided valuable insight into the attacker's methods.
AI Evidence in Code and Origin Clues
The package was published by a user named “Kodane,” who uploaded 19 versions within two days starting July 28, 2025. While “Kodane” means “offspring” in Japanese, timestamp analysis pointed to a UTC+5 timezone, suggesting origins in countries such as Russia, China, or India.
Several signs indicated AI involvement in creating the malicious code. The documentation was well-written, the code included excessive console logs, emojis, and structured markdown, and filenames frequently contained the prefix “Enhanced.” These patterns align with outputs from AI tools like Claude.
For example, when Claude modifies or adds files, it often names them “Enhanced <original filename>,” reflecting its process of “enhancing” code even when changes might be detrimental.
Why AI Is a Growing Threat in Malware Development
Malware authors are increasingly leveraging AI to craft more convincing and professional-looking code. AI-generated code benefits from clean syntax, realistic comments, and thorough documentation, making malicious packages appear legitimate and boosting trust among developers.
This trend results in higher download rates before detection and removal, posing a significant risk to open-source ecosystems.
Indicators of Compromise and Prevention
Researchers have published Indicators of Compromise (IOCs) related to this threat to help users identify potential infections. Developers using npm packages are advised to verify sources carefully and monitor unexpected behaviors or post-install scripts that could indicate malicious activity.
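As an added illustration of the prevention advice here and of the install-time behaviour described under "How the Malware Operated" (example code, not from the article, the researchers, or the package itself): a small audit that flags npm lifecycle scripts and the traits the article lists. The sample manifest and file list are constructed, and the rule names and regexes are my own heuristics.

```javascript
// Added example: audit an npm package manifest and file list for the traits
// described in the article. Not code from the page or from the package;
// the sample data below is constructed.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristics drawn from the behaviour the article describes (names are mine).
const SUSPICIOUS_PATTERNS = [
  { name: "hides-directory", re: /attrib\s+\+h\b/i },           // Windows attrib +H
  { name: "renames-files", re: /\b(mv|ren|rename|fs\.rename)\b/i },
  { name: "spawns-background-process", re: /\b(nohup|spawn|detached|pm2)\b/i },
];

// Returns a list of findings; any lifecycle script is at least "medium".
function auditManifest(pkg, files = []) {
  const findings = [];
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (!scripts[hook]) continue;
    const cmd = String(scripts[hook]);
    findings.push({ severity: "medium", rule: "lifecycle-script", detail: `${hook}: ${cmd}` });
    for (const p of SUSPICIOUS_PATTERNS) {
      if (p.re.test(cmd)) findings.push({ severity: "high", rule: p.name, detail: `${hook}: ${cmd}` });
    }
  }
  // The "Enhanced" filename prefix the article associates with AI-generated code.
  for (const f of files) {
    if (/(^|\/)Enhanced[-_ ]?/i.test(f)) findings.push({ severity: "low", rule: "enhanced-prefix", detail: f });
  }
  return findings;
}

// Collapses findings into a count and the highest severity seen.
function auditSummary(pkg, files) {
  const findings = auditManifest(pkg, files);
  const order = ["high", "medium", "low"];
  const maxSeverity = order.find((s) => findings.some((f) => f.severity === s)) || "none";
  return { count: findings.length, maxSeverity, findings };
}

// Constructed sample manifest and file list (not the real package's metadata).
const SAMPLE_PKG = {
  name: "@example/cache-manager",
  version: "1.0.0",
  scripts: { postinstall: "node scripts/setup.js && attrib +H .cache", test: "node test.js" },
};
const SAMPLE_FILES = ["scripts/setup.js", "lib/Enhanced-connection-pool.js", "README.md"];

console.log(JSON.stringify(auditSummary(SAMPLE_PKG, SAMPLE_FILES), null, 2));
```

Run this over the extracted tarball of a package before installing it; pairing it with `npm install --ignore-scripts` keeps lifecycle scripts from running until they have been reviewed.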
For those looking to strengthen their knowledge in AI security and development, exploring comprehensive courses on AI and cybersecurity can be valuable. Resources like Complete AI Training’s latest AI courses offer practical guidance on safe AI usage and secure coding practices.