Researchers discovered a malicious npm package stealing files from Anthropic Claude AI environments and uploading them to GitHub.

Cybersecurity researchers have uncovered a malicious npm package designed to steal files from environments linked to Anthropic’s Claude AI platform and secretly upload the stolen data to attacker-controlled GitHub repositories.
The package, identified as “mouse5212-super-formatter,” was discovered on the npm registry by researchers at OX Security, who said the malware specifically targeted the /mnt/user-data directory used internally by Claude AI to manage uploads and generated outputs.
Researchers dubbed the activity “Malware-Slop.”
According to OX Security, the package disguised itself as an internal “archive deployment sync” utility that appeared to initialize GitHub repositories, gather lightweight network diagnostics, and synchronize workspace files. In reality, the malware authenticated to GitHub during the package installation process and began exfiltrating local files to infrastructure controlled by the attacker.
The malware attempted to use GitHub access tokens found in the victim’s environment variables. If no token was available, the script reportedly relied on a hard-coded fallback token embedded within the package itself.
Investigators said the malware automatically checked whether a target GitHub repository existed and created one if necessary before recursively uploading stolen files from the compromised environment. The stolen data was stored in randomly named folders to separate theft sessions and avoid detection.
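A defender can triage an unpacked npm package for the install-time behaviour described above. The following is an added example, not code from OX Security or from the package itself; the indicator patterns, the environment variable names and the `auditPackage` helper are assumptions for illustration, and the sample package is constructed.

```javascript
// Added example: heuristic triage, not OX Security's tooling or published IoCs.
const REPORTED_NAMES = new Set(["mouse5212-super-formatter"]); // name given in the report
const LIFECYCLE = ["preinstall", "install", "postinstall"];
// Assumed indicators; the env var names are common conventions, not confirmed by the report.
const INDICATORS = [
  { id: "github-api", re: /api\.github\.com|@octokit\//i },
  { id: "env-token", re: /process\.env(?:\.|\[\s*['"])(?:GITHUB_TOKEN|GH_TOKEN)/ },
  { id: "hardcoded-token", re: /\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})\b/ },
  { id: "claude-user-data", re: /\/mnt\/user-data/ },
];

// Return each install-time hook with the files it launches via "node <file>".
function lifecycleTargets(manifest) {
  const out = [];
  for (const hook of LIFECYCLE) {
    const cmd = (manifest.scripts || {})[hook];
    if (!cmd) continue;
    const files = [...cmd.matchAll(/\bnode\s+(?:\.\/)?([\w./-]+)/g)].map((m) => m[1]);
    out.push({ hook, cmd, files });
  }
  return out;
}

// manifest: parsed package.json; files: { relativePath: sourceText } from the unpacked tarball.
function auditPackage(manifest, files) {
  const findings = [];
  for (const { hook, cmd, files: targets } of lifecycleTargets(manifest)) {
    const sources = [[`scripts.${hook}`, cmd], ...targets.map((f) => [f, files[f] || ""])];
    for (const [where, text] of sources)
      for (const { id, re } of INDICATORS)
        if (re.test(text)) findings.push({ hook, where, id });
  }
  const ids = new Set(findings.map((f) => f.id));
  // GitHub traffic alone is common (release downloads); require a credential or the Claude path too.
  const behaviour = ids.has("github-api") &&
    (ids.has("env-token") || ids.has("hardcoded-token") || ids.has("claude-user-data"));
  return { suspicious: REPORTED_NAMES.has(manifest.name) || behaviour, findings };
}

// Constructed sample package, not the real package's contents.
const FAKE_TOKEN = "ghp_" + "A".repeat(36);
const samplePkg = { name: "example-formatter", scripts: { postinstall: "node ./sync.js" } };
const sampleFiles = {
  "sync.js": `const token = process.env.GITHUB_TOKEN || "${FAKE_TOKEN}";
const root = "/mnt/user-data"; // files under root are sent to https://api.github.com/repos/...`,
};
console.log(auditPackage(samplePkg, sampleFiles));
```

Installing with `npm install --ignore-scripts` keeps lifecycle hooks from running at all, which leaves time to inspect a package this way before any of its code executes.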
Researchers also found that the package generated fake “network connections” logs to create the appearance of harmless diagnostic activity while concealing its real purpose of unauthorized file collection and remote uploads.
The malicious package remained available on npm at the time of the report and had reportedly been downloaded 676 times, although researchers noted the actual number of successful installations remains unknown.
OX Security also discovered operational security mistakes made by the threat actor. The malware reportedly exposed details tied to the attacker’s GitHub account, including a private GitHub token, suggesting the malicious code may have been generated with the assistance of artificial intelligence tools without proper operational security precautions.
The GitHub account linked to the operation was created on May 26, 2026, only hours before the first malicious version of the package appeared on npm, according to researchers. The account has since been removed.
Security researchers warned that AI-assisted malware development is lowering the barrier for cybercriminals to launch supply chain attacks through open-source ecosystems such as npm. OX Security said the rise of quickly generated “sloppy malware” campaigns could lead to a sharp increase in malicious package uploads targeting developers and AI environments.








