Storyline

AI-assisted npm malware targets crypto wallets and macOS developers

Researchers have uncovered a new wave of malicious npm packages that leverage AI-assisted code commits and sophisticated malware to target cryptocurrency wallets and macOS developer machines.

Current brief openSource links open

This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.

Back Evidence (3)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

thehackernews · News · thehackernews.com · 2026-04-29 14:43 UTC

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

Infosecurity Magazine · News · infosecurity-magazine.com · 2026-04-29 14:00 UTC

limited source diversity in top sources

View all evidence

Overview

Researchers have uncovered a new wave of malicious npm packages that leverage AI-assisted code commits and sophisticated malware to target cryptocurrency wallets and macOS developer machines.

Score total

1.5

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Recent discoveries reveal AI-assisted commits in npm packages linked to DPRK threat actors.
New macOS RAT Minirat uses npm as an infection vector, highlighting evolving attack methods.
The combination of AI and supply chain malware underscores urgent need for improved developer security practices.

Why it matters

AI is increasingly used by threat actors to automate and enhance malware insertion in software dependencies.
Malicious npm packages can compromise developer environments and steal sensitive crypto wallet data.
Supply chain attacks leveraging AI and stealthy RATs pose significant risks to software security and integrity.

Continuity snapshot

Trend status: insufficient_history.
Continuity stage: broad_confirmed.
Current status: open.
3 current source-linked posts are attached to this storyline.

All evidence

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

thehackernews · thehackernews.com · 2026-04-29 14:43 UTC

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

Infosecurity Magazine · infosecurity-magazine.com · 2026-04-29 14:00 UTC

Minirat malware deployed via NPM targeting macOS machines

malware · iru.com · 2026-04-29 13:41 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 3 / 0

Top publishers (this list)

thehackernews (1)
Infosecurity Magazine (1)
malware (1)

Top origin domains (this list)

thehackernews.com (1)
infosecurity-magazine.com (1)
iru.com (1)