BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

New npm Malware Steals Claude AI User Data

Malicious npm package steals Claude AI files, uploads them to GitHub.

  • A new malicious npm package, “mouse5212-super-formatter,” steals files from the Claude AI tool’s dedicated upload directory.
  • The malware uploads stolen data to a threat actor-controlled GitHub account using a leaked private token.
  • The package was discovered on May 27, 2026, and had been downloaded approximately 676 times from the npm registry.
  • Researchers said the campaign, codenamed Malware-Slop, suggests sloppy operational security.

OX Security researchers uncovered a dangerous npm package on May 27, 2026, designed to stealthily exfiltrate sensitive files from users of Anthropic’s Claude AI. The package “mouse5212-super-formatter” specifically targets files in the “/mnt/user-data” directory used by the AI tool.

- Advertisement -

However, its postinstall script authenticates to GitHub using a token from the victim’s environment or a hard-coded fallback. The malware then checks for a target repository and creates one if needed before uploading every file recursively.

Consequently, stolen data is stored in randomly named folders within a GitHub account to differentiate theft sessions. The script also writes a fake log about network connections to disguise its true data-stealing behavior.

The package was available for download and had approximately 676 downloads. Meanwhile, the associated GitHub account was created just hours before the malicious version was uploaded to npm.

Researchers noted the malware leaked its own GitHub private token. This suggests the threat actor may be using AI to generate code but neglecting basic operational security, as “Now that the bar to create malicious code was reduced significantly, we’re going to see more threat actors getting into the game – uploading more sloppy malwares,” OX Security stated.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

RoguePlanet Microsoft Defender Flaw Patched After Month Delay

Microsoft patched a Defender privilege escalation flaw called RoguePlanet, tracked as CVE-2026-50656, nearly a...

AVAX Surges 5.6% After Grayscale Shoutout, Outperforms BTC

Avalanche (AVAX) surged 5.6% in the daily charts and 2.7% over 14 days, outperforming...

Thai police arrest two in $122M crypto romance scam laundering

Thai police arrested two suspects for laundering romance-scam proceeds through crypto, using cross-chain swaps...

Wyden Urges Senate to Keep Crypto Developer Protections in Bill

Senator Ron Wyden urges Senate leaders to preserve the Blockchain Regulatory Certainty Act within...

Lurking Lizard uses fake 7-Zip installer to build proxy botnet

Threat actor Lurking Lizard has operated a residential proxy business since August 2022, using...

Must Read

This is How to Buy and Sell Bitcoin

Now more than ever, there are a variety of ways to enter and exit the crypto market. While this is good, the availability of...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading