
Malicious npm Dependency Linked to AI-Assisted Code Commit Targets Cryptocurrency Wallets
Cybersecurity, Supply Chain Attacks, Cryptocurrency, Malware, npm, AI, Open Source, Data Theft
Researchers identified a malicious npm dependency, tied to an AI-assisted code commit, that targets cryptocurrency wallets by stealing sensitive data. The attack leverages a compromised package in the npm ecosystem, though no specific package name, CVE ID, or exact date of discovery was disclosed. The malware exfiltrates credentials and wallet information, posing a direct risk to developers and users relying on affected dependencies. The campaign highlights the growing threat of supply chain attacks via open-source repositories. No geographic or organizational attribution was provided in the report.