HackMyIP
2026-04-29 The Hacker News

North Korean Hackers Deploy AI-Embedded npm Malware & RATs

Supply Chain | Malware | APT

Cybersecurity researchers have identified a fresh wave of attacks linked to North Korean state actors that combine artificial‑intelligence‑generated code, malicious npm packages, and remote‑access trojans (RATs). The campaign was uncovered after a trojan‑laced npm module was uploaded to the public registry and later pulled into a project that leverages Anthropic’s Claude Opus large language model. The package, disguised as a benign AI utility, contained an embedded payload that silently installs a RAT on developer machines.

The infection chain starts with the malicious npm package being advertised as a dependency for AI‑focused projects. Once installed, the package executes a dropper that decodes a compact, AI‑generated snippet embedded within its source. This snippet harvests environment variables, API keys, and SSH credentials before establishing a covert channel to command‑and‑control (C2) servers operated under fabricated corporate personas. The use of fake firms and domain fronting helps the actors blend the malicious traffic with legitimate cloud services, complicating detection.

Analysts attribute the operation to DPRK‑aligned advanced persistent threat (APT) groups, noting a shift toward leveraging large language models (LLMs) to produce polymorphic code that evades traditional static‑analysis signatures. The campaign underscores a growing trend where threat actors integrate AI capabilities to accelerate malware development and obfuscation, raising the bar for defenders relying on conventional antivirus heuristics. Organizations that embed LLMs in their pipelines are now attractive targets for supply‑chain infiltration.

To mitigate the risk, security teams should enforce strict dependency vetting, maintain software bills of materials (SBOMs), and employ runtime monitoring to flag unusual outbound connections. Continuous integration pipelines should verify package integrity via cryptographic checksums and lockfiles, and developers should isolate AI‑generated code within sandboxed environments. Proactive threat‑intel sharing and rapid response playbooks can help contain similar incidents before they proliferate across the open‑source ecosystem.
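The lockfile and checksum verification recommended above can be run as a CI gate before `npm ci`. The following is an added example, not code from the researchers or from the original article; the allowed registry, the package names and the sample data are constructed assumptions.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) before install in CI.
const { createHash } = require("node:crypto");

const REGISTRY = "https://registry.npmjs.org/"; // assumption: only the public registry is allowed

// Return a list of { pkg, issue } findings for a parsed package-lock.json object.
function auditLockfile(lock, registry = REGISTRY) {
  const findings = [];
  for (const [pkg, meta] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace symlinks and bundled dependencies.
    if (pkg === "" || meta.link || meta.inBundle) continue;
    if (!meta.integrity) {
      findings.push({ pkg, issue: "no integrity hash pinned" });
    } else if (!meta.integrity.split(/\s+/).some((h) => h.startsWith("sha512-"))) {
      findings.push({ pkg, issue: "integrity is not sha512" });
    }
    if (!meta.resolved || !meta.resolved.startsWith(registry)) {
      findings.push({ pkg, issue: "resolved outside allowed registry" });
    }
    if (meta.hasInstallScript) {
      findings.push({ pkg, issue: "runs install-time lifecycle script" });
    }
  }
  return findings;
}

// Check downloaded tarball bytes against the integrity (SRI) string from the lockfile.
function matchesIntegrity(bytes, sri) {
  return sri.split(/\s+/).some((entry) => {
    const dash = entry.indexOf("-");
    const algo = entry.slice(0, dash);
    if (!["sha512", "sha384", "sha256"].includes(algo)) return false;
    return createHash(algo).update(bytes).digest("base64") === entry.slice(dash + 1);
  });
}

// Constructed sample data; package names and URLs are hypothetical.
const tarball = Buffer.from("constructed tarball bytes");
const goodSri = "sha512-" + createHash("sha512").update(tarball).digest("base64");
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/pinned-lib": { resolved: REGISTRY + "pinned-lib/-/pinned-lib-1.0.0.tgz", integrity: goodSri },
    "node_modules/ai-helper-example": { resolved: "git+ssh://git@example.com/x/ai-helper.git#abc", hasInstallScript: true },
  },
};
console.log(auditLockfile(sampleLock));
```

A non-empty findings list should fail the build; entries flagged for install-time scripts are the ones to review by hand or install with `npm ci --ignore-scripts`.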

Source: The Hacker News
