How Claude Planted Malicious Code In A Crypto-Trading App
ID: 9e1b4334-bcd3-5fe7-ae0b-d622180c8f0c
STIX ID: report--9e1b4334-bcd3-5fe7-ae0b-d622180c8f0c
Feed Name: Security Ledger
PromptMink is a supply-chain malware campaign that planted malicious npm packages (e.g., @validate-sdk/v2) into open-source projects, in one case via a commit partially generated by the Claude AI coding assistant, to harvest API keys, wallet credentials, SSH keys and entire codebases. Researchers observed rapid evolution from simple .env/.json stealers to AI-aided obfuscation, large SEA-format Node.js binaries and compiled Rust modules, enabling persistent access and improved stealth. ReversingLabs associates the campaign with a North Korean state-linked actor and highlights how AI coding agents both aided the malware authors and propagated the compromise.
