🧠 In a serious development, the cybersecurity company Safety discovered on July 31 that AI-generated malware was hiding inside an npm package named @kodane/patch-manager, and that it steals crypto wallets upon installation! 😱
---
🔍 How does the software work?
🔧 When installing the package:
It automatically runs files such as monitor.js, sweeper.js, and utils.js
The files are stored covertly on Linux, Windows, and macOS devices
connection-pool.js maintains a persistent connection to an external command-and-control (C2) server
transaction-cache.js looks for cryptocurrency wallet files, then begins 'dumping' them and stealing the balances 💸
💡 Transactions were made through an encrypted RPC endpoint to an address on the Solana blockchain.
---
📦 Smart camouflage and real danger!
The package appeared to be a normal development tool
It was downloaded over 1,500 times before being discovered and removed on July 30 😨
It directly targeted software developers and the users of their applications
---
🛡️ Who stands behind the protection?
Safety, a Canadian company that relies on AI systems to monitor open-source updates, discovered the package through an analysis mechanism that covers millions of packages monthly. Its tools are used by major companies and government agencies, and they reveal 4 times more threats than public sources. 🔐
---
⚠️ What should be done?
✅ If you are a developer:
Check your installation log and look for any trace of the package @kodane/patch-manager
Scan your device for the mentioned files
Do not install untrusted or unknown packages, even if they seem normal
🧯 In case of suspected theft:
Disconnect from the internet immediately
Transfer your assets from the infected wallets to secure new wallets
Report the incident to the protection platforms
📢 Share this post with developers you know — because a minute of delay could mean an empty wallet!