Cybersecurity researchers have discovered a new malicious package on the npm registry with information-stealing capabilities.
According to OX Security, the package, named mouse5212-super-formatter, is designed to upload files from /mnt/user-data. This is a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool to process uploads and output in the background. This activity has been codenamed “Malware-Slop.”
“Analysis of the malware reveals that this script exists as an internal ‘archive deployment synchronization’ utility that validates or initializes a GitHub repository, captures a lightweight ‘network status’ snapshot, and performs a structured synchronization of local workspace files to a remote tracking tree,” researchers Moshe Siman Tov Bustan and Nir Zadok said in a statement.
However, in reality, at a post-installation stage, it authenticates to GitHub using a GitHub access token found in the victim’s environment or a hard-coded token as a fallback, checks if the target repository exists, creates the repository if it doesn’t, and recursively uploads all files to a GitHub account controlled by the threat actor.
Stolen files are stored in randomly named folders to help operators distinguish between different theft sessions. The malware also writes fake “network connectivity” logs to give the impression that it is sending diagnostic information, masking its actual activity of unauthorized local data collection and remote transfer.
This package is still available for download from npm and has been downloaded an estimated 676 times. However, it remains unclear how many of these correspond to actual installations. The GitHub account linked to this campaign is currently unavailable, but OX noted that it was created on May 26, 2026, hours before the first malicious version was uploaded to npm.
What’s notable about this package is that GitHub account details, including private tokens, were leaked, raising the possibility that attackers are using AI to generate malware without implementing basic operational security (OPSEC) best practices.
“With the bar for writing malicious code significantly lowered, more threat actors will get into the game, most likely imitating APT groups and uploading more devious malware to get a piece of the cake until npm starts automatically blocking malware outright,” OX Security said.
Source link
