PromptMink malicious npm dependency stealing secrets and crypto wallets

Malware Activity
Happening score
H score 42
1 unique source, 1 article

Summary

The PromptMink malicious npm dependency now poses an immediate theft risk because it is stealing sensitive data and exposing crypto wallets from infected environments. The package @validate-sdk/v2 was disguised as a validation tool while quietly exfiltrating secrets. It was tied to an AI-assisted code commit and first introduced in February 2026. The payload later added persistence and broader cross-platform reach, increasing the scope of compromise.

Related Happenings

TrapDoor cross-ecosystem supply-chain campaign

Campaign
First: 25.05.2026 08:59 Last: 25.05.2026 08:59 Sources 1

About this happening: The **TrapDoor** supply-chain campaign has expanded across **npm, PyPI, and Crates.io**, using **34+ malicious packages** to steal developer secrets and credentials. The operation...

Shai-Hulud worm clone activity on NPM

Malware Activity
First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

Inactive maintainer account 'atiertant' hit by network compromise

Incident
First: 15.05.2026 20:10 Last: 15.05.2026 20:10 Sources 1

About this happening: The **inactive maintainer account 'atiertant'** for **node-ipc** was **compromised**, enabling malicious package releases that could steal credentials from downstream installation...

Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials

Campaign
First: 12.05.2026 14:29 Last: 12.05.2026 14:29 Sources 1

About this happening: The **Shai-Hulud** **supply-chain campaign** remains active across **npm**, **PyPI**, and **Composer**, with the latest reporting tying **TeamPCP** to both a claimed **GitHub inte...

Mini Shai-Hulud npm supply-chain malware wave

Malware Activity
First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...

Timeline

  1. 29.04.2026 17:00 2 articles · 28d ago

    PromptMink malicious npm dependency steals secrets and exposes crypto wallets

    Initial Disclosure

    Researchers at ReversingLabs found the malicious npm package @validate-sdk/v2, disguised as a validation tool and added to an autonomous trading agent in February 2026. The package steals sensitive data, exfiltrates secrets from infected environments, and exposes crypto wallets. Attribution points to North Korean state-sponsored actor Famous Chollima (APT37 or Reaper), and the commit was reportedly co-authored by Anthropic's Claude Opus model.