Artificial intelligence has been used to create a new malicious npm package impersonating the "NPM Registry Cache Manager" that includes a clandestine cryptocurrency wallet drainer that could compromise Windows, Linux, and macOS systems, reports The Register.
While package documentation had believable technical information, the 'kodane/patch-manager" package has been suspected of having been developed using AI due to the overabundance of emojis within its source code, as well as the presence of multiple markdown files and mentions of the word "enhanced", according to a report from cybersecurity firm Safety. Numerous source code comments and messages within the console.log have also suggested AI activity, researchers noted. "What might initially seem legitimate is actually evidence that the malware creator probably used AI to generate convincing technical documentation that disguises the true purpose of the code," said Safety Head of Research Paul McCarty.
While package documentation had believable technical information, the 'kodane/patch-manager" package has been suspected of having been developed using AI due to the overabundance of emojis within its source code, as well as the presence of multiple markdown files and mentions of the word "enhanced", according to a report from cybersecurity firm Safety. Numerous source code comments and messages within the console.log have also suggested AI activity, researchers noted. "What might initially seem legitimate is actually evidence that the malware creator probably used AI to generate convincing technical documentation that disguises the true purpose of the code," said Safety Head of Research Paul McCarty.
