Malicious npm package stole Claude AI files to GitHub

The npm package ‘mouse5212-super-formatter’ exfiltrated files from Anthropic Claude’s /mnt/user-data and uploaded them to an attacker GitHub repository using access tokens.

OX Security researchers Moshe Siman Tov Bustan and Nir Zadok reported that a malicious npm package named ‘mouse5212-super-formatter’ copied files from the /mnt/user-data directory used by Anthropic’s Claude AI and uploaded them to an attacker-controlled GitHub repository. The activity has been tracked under the label Malware-Slop.

The package presented itself as an internal ‘archive deployment sync’ utility. During the postinstall stage, it attempted to authenticate to GitHub using a token found in the installation environment or a hard-coded fallback token. If authentication succeeded, it checked for a target repository, created one if none existed, and then recursively synchronized local files into the remote repository.

Researchers said the malware specifically targeted the /mnt/user-data folder where Claude stores uploaded files and background outputs. Stolen files were placed in randomly named folders on the attacker repository. The package also created a decoy ‘network connections’ log file to give the impression it was only reporting diagnostics.

OX Security traced a linked GitHub account to May 26, 2026; the account was created hours before the first malicious package version appeared on npm. The GitHub account is no longer available. The package remains on the npm registry and has been downloaded an estimated 676 times, though researchers said the number of actual installs is unclear.

The package contained details tied to the operator’s GitHub account, including a private token. OX Security wrote: ‘Now that the bar to create malicious code was reduced significantly, we’re going to see more threat actors getting into the game – uploading more sloppy malwares, mostly mimicking APT groups to get a slice of the cake until npm starts automatically blocking malware completely.’

OX Security recommended that development and security teams audit package behavior, avoid storing broad-scope tokens in installation environments, restrict token permissions, and monitor accounts for unexpected repository creation or file uploads.
