New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have uncovered a sophisticated campaign codenamed PromptMink, where North Korean threat actors used AI-generated code to infect npm packages, targeting developers to steal cryptocurrency and sensitive data.
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real functionality is to plunder sensitive secrets from the compromised environment. The package, which shows signs of being vibe-coded using generative artificial intelligence (AI), was first uploaded to the repository in October 2025. The malware campaign has been codenamed PromptMink by ReversingLabs, which linked the activity as part of a broader campaign mounted by the North Korean threat actor known as Famous Chollima (aka Shifty Corsair). ReversingLabs said the AI agent-generated package was added as a dependency in a source code commit made in February 2026, causing the agent package to execute malicious code and give attackers access via leaked credentials to the victim's cryptocurrency wallets and funds. The attack adopts a phased approach, where the first-layer packages do not contain any malicious code, but import second-layer packages that actually embed the nefarious functionality. The threat actors employ various techniques to help the rogue packages escape detection, including typosquatting and creating malicious versions of functions already present in popular packages. The evolution of the malware from a simple infostealer to a specialized multi-platform harvester targeting Windows, Linux, and macOS capable of dropping SSH backdoors demonstrates North Korean threat actors' continued targeting of the open-source ecosystem. These findings coincide with other campaigns like Contagious Trader and graphalgo, which use fake companies and job interviews to deliver malicious payloads to developers.
Source: The Hacker News















