TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Infosecurity Magazine

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

2026-04-29 · Read original ↗

ATT&CK techniques detected

5 predictions
T1195.001Compromise Software Dependencies and Development Tools
98%
"malicious npm dependency linked to ai assisted commit targets crypto wallets a malicious npm dependency linked to an ai - assisted code commit has been found stealing sensitive data and exposing crypto wallets. according to researchers at reversinglabs, the package, disguised as …"
T1587Develop Capabilities
96%
"malicious npm dependency linked to ai assisted commit targets crypto wallets a malicious npm dependency linked to an ai - assisted code commit has been found stealing sensitive data and exposing crypto wallets. according to researchers at reversinglabs, the package, disguised as …"
T1195.001Compromise Software Dependencies and Development Tools
94%
"approach allowed attackers to maintain trust in widely visible components even as malicious elements were repeatedly replaced behind the scenes. across a seven - month period, the researchers tracked more than 60 packages and over 300 versions tied to the campaign, indicating sus…"
T1204.005Malicious Library
87%
"malicious npm dependency linked to ai assisted commit targets crypto wallets a malicious npm dependency linked to an ai - assisted code commit has been found stealing sensitive data and exposing crypto wallets. according to researchers at reversinglabs, the package, disguised as …"
T1587Develop Capabilities
64%
"approach allowed attackers to maintain trust in widely visible components even as malicious elements were repeatedly replaced behind the scenes. across a seven - month period, the researchers tracked more than 60 packages and over 300 versions tied to the campaign, indicating sus…"

Summary

Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets