Claude adds malware to crypto agent
ID: 16758d8f-70b7-5b8c-9fdd-2eee094503ee
STIX ID: report--16758d8f-70b7-5b8c-9fdd-2eee094503ee
Feed Name: ReversingLabs Blog
**Executive summary:** ReversingLabs uncovered PromptMink, a multi-stage supply-chain campaign attributed to North Korean group Famous Chollima that uses LLM-crafted bait packages and malicious payload packages (notably @validate-sdk/v2 and related npm/PyPI packages) to steal .env/.json secrets, exfiltrate source code, and deploy SSH backdoors across Windows, macOS and Linux; the report includes technical analysis, IOCs (domains, IPs, C2 endpoints), and detection/mitigation guidance.
