Signal

New malicious npm packages linked to AI-assisted commits and macOS RATs target crypto wallets and developers

Evidence first: scan the strongest sources, then decide whether to go deeper.

redditrss

cvesexploitsmalwarethreat_actorssecurity_tooling

Trend in the last 24h

Current brief openSource links open

This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.

Back Evidence (3)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (3 domains)

3 top sources shown

The Hacker News - DPRK attacks use AI-inserted npm malware

thehackernews.com · thehackernews.com · 2026-04-29 14:43 UTC

Infosecurity Magazine - AI npm dependency targets crypto

infosecurity-magazine.com · infosecurity-magazine.com · 2026-04-29 14:00 UTC

SafeDep - Minirat malware deployed via npm targeting macOS (via Reddit)

iru.com · iru.com · 2026-04-29 13:41 UTC

View all evidence

Overview

Researchers have uncovered a wave of malicious npm packages that leverage AI-assisted code commits and sophisticated malware to target crypto wallets and macOS developer machines.

Entities

AnthropicClaude Opus

Score total

1.5

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Recent discoveries reveal AI-assisted commits in npm packages linked to DPRK threat actors.
New macOS RAT Minirat uses npm as an infection vector, highlighting evolving attack methods.
The combination of AI and supply chain malware underscores urgent need for improved developer security practices.

Why it matters

AI is increasingly used by threat actors to automate and enhance malware insertion in software dependencies.
Malicious npm packages can compromise developer environments and steal sensitive crypto wallet data.
Supply chain attacks leveraging AI and stealthy RATs pose significant risks to software security and integrity.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

Malicious npm packages use AI-assisted commits to steal crypto wallet data
Minirat macOS RAT deployed via malicious npm package with stealth features

How sources frame it

Infosecurity Magazine: neutral
The Hacker News: neutral
SafeDep: neutral

All evidence

Infosecurity Magazine - AI npm dependency targets crypto

infosecurity-magazine.com · infosecurity-magazine.com · 2026-04-29 14:00 UTC

The Hacker News - DPRK attacks use AI-inserted npm malware

thehackernews.com · thehackernews.com · 2026-04-29 14:43 UTC

SafeDep - Minirat malware deployed via npm targeting macOS (via Reddit)

iru.com · iru.com · 2026-04-29 13:41 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 3 / 0

Top publishers (this list)

infosecurity-magazine.com (1)
thehackernews.com (1)
iru.com (1)

Top origin domains (this list)

infosecurity-magazine.com (1)
thehackernews.com (1)
iru.com (1)