A sophisticated malware campaign known as PromptMink has emerged, targeting the software development community, particularly those involved with autonomous crypto trading projects. This campaign exploits AI coding assistants to introduce malicious code into legitimate projects, marking a new tactic in cybercriminal activities. The attack was first identified when a malicious npm package was introduced into a crypto trading agent project through a code commit co-authored by an AI model from Anthropic.
The attack began on February 28, 2026, with a commit to the open-source project openpaw-graveyard. This commit added a seemingly benign package, @solana-launchpad/sdk, which in turn imported a malicious package, @validate-sdk/v2. The latter masquerades as a data validation tool while secretly collecting sensitive credentials and sending them to a remote server controlled by attackers. This method of using AI tools to plant harmful code represents a significant shift in cybercriminal strategies.
ReversingLabs researchers were the first to uncover this campaign, which they named PromptMink. Their investigation revealed that the campaign is linked to the North Korean threat group Famous Chollima, known for previous attacks on software developers. The campaign uses a two-layer structure to evade detection, with the first layer appearing legitimate and the second containing the harmful code. Over 60 unique malicious packages have been identified, with no signs of the campaign ceasing.
The malware’s payload is designed to scan for sensitive files related to cryptocurrency transactions and exfiltrate them to an attacker-controlled server. On Linux systems, it also creates a persistent backdoor by adding the attacker’s SSH key to the victim’s machine. The campaign has evolved to include versions written in Rust, capable of stealing entire project directories, indicating a focus on intellectual property theft.
To mitigate the risk of such attacks, developers and security teams should thoroughly review AI-generated code commits and verify all new dependencies through trusted sources. Monitoring for unusual network activity and auditing SSH authorized keys files are also recommended practices to detect and prevent unauthorized access. These measures are essential to safeguarding development environments from sophisticated supply chain attacks like PromptMink.
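The dependency check recommended above, as an added example that is not code from the article or from ReversingLabs: it compares the npm lockfile before and after a commit and lists every package that is new, including transitive ones such as the second layer hidden behind a legitimate-looking first-layer package. The lockfile contents, project name and version numbers are constructed for illustration; only the two package names come from the article.

```javascript
// Added example. Lockfile contents, project name and versions are constructed.
// The two watchlisted package names are the ones named in the article.
const WATCHLIST = new Set(["@solana-launchpad/sdk", "@validate-sdk/v2"]);
const NM = "node_modules/";

// Index every installed package in an npm lockfile (v2/v3 "packages" map).
function lockPackages(lock) {
  const root = lock.packages[""] || {};
  const declared = new Set(Object.keys({ ...root.dependencies, ...root.devDependencies }));
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue; // the project itself
    const name = path.slice(path.lastIndexOf(NM) + NM.length);
    // Direct only if declared by the project and installed at the top level.
    const direct = declared.has(name) && path === NM + name;
    out.set(`${name}@${meta.version}`, { name, version: meta.version, direct, path });
  }
  return out;
}

// Packages present after a commit but not before, transitive ones included.
function newDependencies(before, after) {
  const old = lockPackages(before);
  return [...lockPackages(after)]
    .filter(([key]) => !old.has(key))
    .map(([, info]) => ({ ...info, watchlisted: WATCHLIST.has(info.name) }));
}

// Constructed lockfiles: state before and after the reviewed commit.
const BEFORE = { lockfileVersion: 3, packages: {
  "": { name: "example-agent", dependencies: { "example-lib": "^1.0.0" } },
  "node_modules/example-lib": { version: "1.0.0" },
} };
const AFTER = { lockfileVersion: 3, packages: {
  "": { name: "example-agent",
        dependencies: { "example-lib": "^1.0.0", "@solana-launchpad/sdk": "^0.0.0" } },
  "node_modules/example-lib": { version: "1.0.0" },
  "node_modules/@solana-launchpad/sdk": { version: "0.0.0",
        dependencies: { "@validate-sdk/v2": "^0.0.0" } },
  "node_modules/@validate-sdk/v2": { version: "0.0.0" },
} };

for (const d of newDependencies(BEFORE, AFTER)) {
  console.log(`${d.watchlisted ? "BLOCK " : "REVIEW"} ${d.name}@${d.version} ` +
    `(${d.direct ? "direct" : "transitive"}, ${d.path})`);
}
```

The commit declares only one new dependency, yet the diff reports two new packages; the transitive entry is the one a review of package.json alone would miss.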
Source: https://cybersecuritynews.com/claude-generated-commit-adds-promptmink-malware/



