- A new malicious npm package, “mouse5212-super-formatter,” steals files from the Claude AI tool’s dedicated upload directory.
- The malware uploads stolen data to a threat actor-controlled GitHub account using a leaked private token.
- The package was discovered on May 27, 2026, and had been downloaded approximately 676 times from the npm registry.
- Researchers said the campaign, codenamed Malware-Slop, suggests sloppy operational security.
OX Security researchers uncovered a dangerous npm package on May 27, 2026, designed to stealthily exfiltrate sensitive files from users of Anthropic’s Claude AI. The package “mouse5212-super-formatter” specifically targets files in the “/mnt/user-data” directory used by the AI tool.
However, its postinstall script authenticates to GitHub using a token from the victim’s environment or a hard-coded fallback. The malware then checks for a target repository and creates one if needed before uploading every file recursively.
Consequently, stolen data is stored in randomly named folders within a GitHub account to differentiate theft sessions. The script also writes a fake log about network connections to disguise its true data-stealing behavior.
The package was available for download and had approximately 676 downloads. Meanwhile, the associated GitHub account was created just hours before the malicious version was uploaded to npm.
Researchers noted the malware leaked its own GitHub private token. This suggests the threat actor may be using AI to generate code but neglecting basic operational security, as “Now that the bar to create malicious code was reduced significantly, we’re going to see more threat actors getting into the game – uploading more sloppy malwares,” OX Security stated.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
