🧠 In a serious development, cybersecurity company Safety discovered on July 31 that AI-generated malware was hiding inside an NPM package named @kodane/patch-manager, and that it steals crypto wallets upon installation! 😱
---
🔍 How does the software work?
🔧 When installing the package:
Files like monitor.js, sweeper.js, and utils.js are activated automatically
Files are secretly stored on Linux, Windows, and macOS devices
connection-pool.js maintains a persistent connection to an external command-and-control (C2) server
transaction-cache.js looks for cryptocurrency wallet files and then starts 'dumping' and stealing the balances 💸
💡 Transfers were made through an encrypted RPC endpoint to an address on the Solana blockchain.
---
📦 Smart obfuscation and real danger!
The package appeared to be a normal development tool
It was downloaded more than 1,500 times before being discovered and removed on July 30 😨
It directly targeted software developers and users of their applications
---
🛡️ Who is behind the protection?
Safety, a Canadian company that relies on artificial intelligence systems to monitor open-source updates, discovered the package through an analysis mechanism that covers millions of packages monthly. Its tools are used by giant companies and government agencies, and reveal 4 times more threats than public sources. 🔐
---
⚠️ What should be done?
✅ If you are a developer:
Check your installation logs and look for any trace of the package @kodane/patch-manager
Scan your device for the mentioned files
Do not install untrusted or unknown packages, even if they seem normal
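🔎 One way to run the first two checks across a folder of projects. This is an added example, not code from Safety or from the package. It assumes npm's standard layout (package.json, package-lock.json, npm-shrinkwrap.json, node_modules), and the function names are made up for illustration.

```python
import json
import os

PACKAGE = "@kodane/patch-manager"  # package name as given in this post
MANIFESTS = {"package.json", "package-lock.json", "npm-shrinkwrap.json"}
DEP_KEYS = ("dependencies", "devDependencies", "optionalDependencies")


def names_in_manifest(doc):
    """Yield every package name a package.json or npm lockfile refers to."""
    stack = [doc]
    while stack:
        node = stack.pop()
        if not isinstance(node, dict):
            continue
        # Lockfile v2/v3: "packages" maps "node_modules/<name>" paths to metadata.
        packages = node.get("packages")
        for path, meta in (packages.items() if isinstance(packages, dict) else ()):
            yield path.rpartition("node_modules/")[2]
            stack.append(meta)
        # package.json and lockfile v1: name -> version string or nested metadata.
        for key in DEP_KEYS:
            deps = node.get(key)
            if isinstance(deps, dict):
                for name, meta in deps.items():
                    yield name
                    stack.append(meta)  # v1 nests transitive dependencies here


def scan(root):
    """Return sorted (kind, path) findings for PACKAGE under root."""
    findings = set()
    for dirpath, _dirnames, filenames in os.walk(root):
        # An installed copy lives at node_modules/@kodane/patch-manager.
        installed = os.path.join(dirpath, *PACKAGE.split("/"))
        if os.path.basename(dirpath) == "node_modules" and os.path.isdir(installed):
            findings.add(("installed", installed))
        for fname in MANIFESTS.intersection(filenames):
            path = os.path.join(dirpath, fname)
            try:
                with open(path, encoding="utf-8") as fh:
                    doc = json.load(fh)
            except (OSError, ValueError):
                continue  # unreadable or malformed file: nothing to parse
            if PACKAGE in names_in_manifest(doc):
                findings.add(("declared", path))
    return sorted(findings)
```

Call scan() on the directory that holds your projects. An "installed" hit means the package is on disk, and a "declared" hit means a manifest or lockfile pulls it in, possibly as a transitive dependency.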
🧯 In case of suspected theft:
Disconnect the device from the internet immediately
Transfer your assets from the infected wallets to new secure wallets
Report the incident to protection platforms
📢 Share this post with developers you know — because a minute of delay could mean an empty wallet!