Cybersecurity experts have identified a new threat in the npm registry, involving a package that steals user data from Anthropic’s Claude AI. This package, known as ‘mouse5212-super-formatter,’ poses a significant risk by targeting the ‘/mnt/user-data’ directory, a critical component of Claude AI’s file management system. The operation, labeled as Malware-Slop by OX Security, underscores the growing vulnerabilities within software supply chains.
How the Malicious Package Operates
Upon detailed examination, the package masquerades as a legitimate ‘archive deployment sync’ utility. It deceptively validates or initializes a GitHub repository, captures network status snapshots, and synchronizes local files to a remote repository. However, its true intent is revealed when it authenticates to GitHub during the post-installation phase, using either a discovered or hard-coded access token. If a target repository does not exist, it creates one and uploads files to a repository controlled by the attacker.
This process involves storing files in randomly named directories, which aids the threat actor in distinguishing between different data theft incidents. The malware further disguises its activity by generating fake network logs, misleading users into believing the operations are standard diagnostic processes.
Current Status of the Package
Despite its malicious nature, the package remains available for download on npm, having been accessed 676 times. The exact number of installations is unknown. Notably, the associated GitHub account has since been deactivated, but it was initially established shortly before the package’s first upload on May 26, 2026. This timing hints at a well-coordinated release strategy.
Interestingly, the package inadvertently disclosed sensitive details about the GitHub account, including a private token. This raises questions about the attackers’ operational security measures and suggests potential use of AI in developing the malware, albeit with significant lapses in maintaining security protocols.
Implications and Future Outlook
The ease with which malicious code can now be created has lowered the barrier to entry for cybercriminals. OX Security warns that this trend could lead to an influx of poorly constructed malware, with new actors mimicking advanced persistent threat (APT) groups to exploit vulnerabilities until npm implements more stringent automatic blocking measures.
The incident highlights the urgent need for enhanced security in software repositories and the importance of maintaining robust operational security practices among developers and users alike. As the threat landscape evolves, vigilance and innovation in cybersecurity measures will be crucial to mitigating future risks.
