


Perceptive Security
SOC/SIEM Consultancy

Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Published:
27 May 2026 at 15:44:29
Alert date:
27 May 2026 at 17:00:49
Source:
thehackernews.com
Supply Chain & Dependencies, Ransomware & Malware, Data Breach & Exfiltration
Cybersecurity researchers discovered a malicious npm package named 'mouse5212-super-formatter' that steals files from Claude AI's user directory. The package specifically targets the '/mnt/user-data' directory used by Anthropic's Claude AI tool for handling uploads and outputs. This represents a supply chain attack targeting users of AI development tools through the npm registry.
Technical details
A malicious npm package named 'mouse5212-super-formatter', disguised as an archive deployment sync utility, steals files from Claude AI's '/mnt/user-data' directory. During the postinstall stage, it authenticates to GitHub using the victim's access token or a fallback hard-coded token, creates a target repository if it doesn't exist, then recursively uploads all files to a threat actor-controlled GitHub account. Files are stored in randomly named folders, and the package creates fake network connection logs to obscure its malicious behavior. The malware leaked its own GitHub private token, suggesting poor operational security.
Mitigation steps:
Check npm installations for the malicious mouse5212-super-formatter package and remove it if present. Monitor GitHub repositories for unauthorized file uploads. Review access tokens and rotate them if compromised. Implement package scanning before installation.
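One way to carry out the first mitigation step, as an added example that is not part of the original alert or of any vendor tooling: a Node.js check that looks for the package as a direct dependency in package.json and as a direct or transitive install in package-lock.json. The function names, the sample lockfile and the project names "demo-app" and "some-cli" are constructed for illustration.

```javascript
// Added example (not from the article): audit npm metadata for the flagged package.
const BAD_PACKAGE = 'mouse5212-super-formatter'; // package name from the alert
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj || {}, key);

// package.json: direct references in any dependency section.
function findInManifest(manifest, name = BAD_PACKAGE) {
  return ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']
    .filter((section) => has(manifest[section], name))
    .map((section) => `package.json:${section}`);
}

// package-lock.json: lockfileVersion 2/3 keeps a flat "packages" map keyed by
// install path; version 1 keeps a nested "dependencies" tree. Both are checked
// so transitive installs are reported as well as direct ones.
function findInLockfile(lock, name = BAD_PACKAGE) {
  const hits = [];
  for (const p of Object.keys(lock.packages || {})) {
    if (p === `node_modules/${name}` || p.endsWith(`/node_modules/${name}`)) hits.push(`packages:${p}`);
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      if (dep === name) hits.push(`dependencies:${[...trail, dep].join(' > ')}`);
      walk(meta && meta.dependencies, [...trail, dep]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (hypothetical project "demo-app" and parent "some-cli").
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/some-cli': { version: '1.0.0' },
    'node_modules/some-cli/node_modules/mouse5212-super-formatter': { version: '0.0.0', hasInstallScript: true },
  },
  dependencies: {
    'some-cli': { version: '1.0.0', dependencies: { 'mouse5212-super-formatter': { version: '0.0.0' } } },
  },
};

// CLI use: node audit.js /path/to/project  (exit code 1 when anything is found)
if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module && process.argv[2]) {
  const fs = require('fs'), path = require('path'), dir = process.argv[2];
  const read = (f) => { try { return JSON.parse(fs.readFileSync(path.join(dir, f), 'utf8')); } catch { return {}; } };
  const hits = [...findInManifest(read('package.json')), ...findInLockfile(read('package-lock.json'))];
  if (fs.existsSync(path.join(dir, 'node_modules', BAD_PACKAGE))) hits.push('node_modules: directory present');
  console.log(hits.length ? hits.join('\n') : `${BAD_PACKAGE} not found`);
  process.exitCode = hits.length ? 1 : 0;
}
```

Because the alert describes the upload as happening during the postinstall stage, a hit in the lockfile or node_modules means the script may already have run, so token review and rotation apply even after the package is removed.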
Affected products:
npm registry
Anthropic Claude AI
GitHub
Related links:
https://www.npmjs.com/package/mouse5212-super-formatter
https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/
https://github.com/unplowed3584
Related CVEs:
Related threat actors:
IOCs:
mouse5212-super-formatter, https://github.com/unplowed3584, /mnt/user-data
This article was created with the assistance of AI technology by Perceptive.
