
DPRK Hackers Use AI-Designed npm Malware in Supply Chain Attack

Cybersecurity researchers have identified malicious code hidden inside an npm package that Anthropic’s Claude Opus large language model had suggested as a project dependency. The discovery marks a significant escalation in supply chain attacks linked to North Korean threat actors.

The package, named “@validate-sdk/v2,” was published on the npm registry as a legitimate utility software development kit for hashing, validation, encoding, and secure random generation. However, analysis revealed that its actual functionality includes backdoor access and data exfiltration capabilities.

How the Attack Unfolded

The attack vector began when a developer used Claude Opus to suggest dependencies for a project. The LLM recommended the malicious package, which was then incorporated into the build process. This represents a novel technique where adversaries manipulate AI models to inject malicious components into trusted development workflows.

Researchers from multiple security firms traced the package back to infrastructure associated with the Democratic People’s Republic of Korea (DPRK). The attackers employed fake company identities and remote access trojans (RATs) to maintain persistence on compromised systems.

Fake Companies and Social Engineering

The operation involved the creation of fictitious software firms that appeared legitimate on professional networking platforms. These shell companies were used to establish credibility with developers and security teams, making the malicious packages seem trustworthy.

Security experts noted that the DPRK group used sophisticated social engineering tactics, including fake job interviews and collaborative coding requests, to encourage victims to install the compromised npm module. The packages were designed to evade detection by mimicking the naming conventions and documentation of popular open source tools.

Technical Details of the Malware

The malicious code within “@validate-sdk/v2” included functions that communicated with command and control servers hosted in multiple jurisdictions. Once activated, the malware could exfiltrate environment variables, source code, and credentials stored on the developer’s machine.

Additionally, the package attempted to spread laterally within development environments by modifying other npm modules on the system. The RAT component allowed the attackers to execute arbitrary commands, log keystrokes, and capture screenshots.

Implications for the Software Supply Chain

This incident highlights the growing risk of AI-assisted social engineering in software supply chain attacks. The use of large language models by developers to generate code and dependencies creates a new attack surface that adversaries are actively exploiting.

Security teams are advised to implement strict controls on AI-generated code, including manual review of all dependencies suggested by LLMs. Organizations should also monitor npm registry activity for suspicious packages that match known threat actor patterns.

Mitigation and Response

The malicious package has been removed from the npm registry following the disclosure. Users who downloaded “@validate-sdk/v2” are urged to rotate all credentials, scan for unauthorized access, and audit their development environments for signs of compromise.

Several major technology firms have updated their internal policies to require AI-generated code to be scanned by automated security tools before being merged into production branches. The open source community is also developing signature-based detection rules for this type of campaign.
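The two pieces of advice above, reviewing every dependency an LLM proposes and running automated checks before anything is merged, can be partly mechanised. The following is an added example, not code from the article, from ReHack, or from any of the vendors mentioned: a small Node.js audit that walks a project's declared dependency tree and flags (1) names on a denylist, (2) packages that declare npm install hooks, which run automatically and unreviewed on `npm install`, (3) installed packages not reachable from package.json, and (4) names one edit away from a well-known package. Only the name "@validate-sdk/v2" comes from the article; every other package name, version, script and the short list of "well-known" packages is constructed sample data, and the `auditDependencies` / `editDistance` / `hasBlockingFindings` functions are assumptions of this example rather than any published tool's API.

```javascript
'use strict';

// Added example (not from the article): defender-side audit of an npm
// dependency tree. Only "@validate-sdk/v2" is taken from the article; all
// other names, versions and scripts below are constructed sample data.

// Known-malicious package names. Seed this from your own threat-intel feed.
const DENYLIST = new Set(['@validate-sdk/v2']);

// npm runs these scripts automatically during `npm install`, so a package that
// declares them executes code on the developer machine before it is ever imported.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Constructed shortlist of popular names that squatters imitate; use your own.
const WELL_KNOWN = ['lodash', 'express', 'validator', 'chalk', 'axios'];

// Levenshtein edit distance, used to catch near-miss names such as "expresss".
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// Strip an npm scope so "@scope/expresss" is still compared against "express".
function bareName(name) {
  return name.startsWith('@') ? name.split('/')[1] || name : name;
}

// rootPkg: the parsed package.json of the project.
// installed: one { name, version, scripts, dependencies } record per package,
//            as you would read from each node_modules/<name>/package.json.
function auditDependencies(rootPkg, installed, denylist = DENYLIST) {
  const findings = [];
  const byName = new Map(installed.map((p) => [p.name, p]));
  const declared = Object.keys({ ...(rootPkg.dependencies || {}), ...(rootPkg.devDependencies || {}) });

  // Breadth-first walk from the declared dependencies: anything installed that
  // this walk never reaches is lockfile drift or a leftover worth explaining.
  const reachable = new Set();
  const queue = [...declared];
  while (queue.length) {
    const name = queue.shift();
    if (reachable.has(name)) continue;
    reachable.add(name);
    const pkg = byName.get(name);
    if (pkg) queue.push(...Object.keys(pkg.dependencies || {}));
  }

  for (const pkg of installed) {
    if (denylist.has(pkg.name)) {
      findings.push({ name: pkg.name, severity: 'critical', reason: 'name is on the denylist' });
    }
    const hooks = INSTALL_HOOKS.filter((h) => pkg.scripts && pkg.scripts[h]);
    if (hooks.length) {
      findings.push({ name: pkg.name, severity: 'high', reason: `declares install hook(s): ${hooks.join(', ')}` });
    }
    if (!reachable.has(pkg.name)) {
      findings.push({ name: pkg.name, severity: 'medium', reason: 'installed but not reachable from package.json' });
    }
    const bare = bareName(pkg.name);
    const near = WELL_KNOWN.find((w) => w !== bare && editDistance(w, bare) <= 1);
    if (near) {
      findings.push({ name: pkg.name, severity: 'medium', reason: `name is one edit away from "${near}"` });
    }
  }
  return findings;
}

// A CI gate would fail the build on any critical or high finding.
function hasBlockingFindings(findings) {
  return findings.some((f) => f.severity === 'critical' || f.severity === 'high');
}

// Constructed sample project: a package.json after a developer accepted an
// LLM-suggested dependency, plus a flattened view of node_modules.
const SAMPLE_ROOT = {
  name: 'example-app',
  dependencies: { lodash: '^4.17.21', '@validate-sdk/v2': '^1.0.0' },
  devDependencies: { expresss: '^1.0.0' },
};

const SAMPLE_INSTALLED = [
  { name: 'lodash', version: '4.17.21', scripts: {}, dependencies: {} },
  { name: '@validate-sdk/v2', version: '1.0.0', scripts: { postinstall: 'node ./init.js' }, dependencies: {} },
  { name: 'expresss', version: '1.0.0', scripts: {}, dependencies: {} }, // constructed typosquat
  { name: 'left-padding-ng', version: '0.1.0', scripts: {}, dependencies: {} }, // constructed, never declared
];

const SAMPLE_FINDINGS = auditDependencies(SAMPLE_ROOT, SAMPLE_INSTALLED);
for (const f of SAMPLE_FINDINGS) console.log(`[${f.severity}] ${f.name}: ${f.reason}`);
console.log(hasBlockingFindings(SAMPLE_FINDINGS) ? 'BLOCK: review before merging' : 'OK');
```

On the sample data the audit reports "@validate-sdk/v2" twice (denylisted, and carrying a postinstall hook), the typosquat "expresss" once, and the undeclared "left-padding-ng" once, while "lodash" is clean. In a real pipeline the `installed` array would be built by reading each `node_modules/*/package.json`, and the denylist and well-known list would be loaded from maintained feeds rather than literals.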

Looking ahead, the security industry expects DPRK-linked groups to continue refining their AI-enabled tactics. Further attacks using similar methodologies are likely as threat actors invest in automation and social engineering capabilities.

Source: ReHack