Quick Takeaways
- A malicious npm package ("mouse5212-super-formatter") steals files from a directory linked to AI tools and uploads them to attacker-controlled GitHub accounts, blending legitimate functionality with covert data exfiltration.
- The malware authenticates using embedded or environment-based GitHub tokens, creating and uploading files to remote repositories, while disguising its activities with fake diagnostic logs.
- The operation exposed the attacker's own GitHub credentials, including a private token, illustrating poor OPSEC; similarly sloppy malware is likely to follow and could amplify supply chain attacks.
Threat, Attack Techniques, and Targets
Cybersecurity researchers found a malicious npm package called "mouse5212-super-formatter." This package is designed to steal files from users’ systems. It targets users of Claude AI, a tool made by Anthropic. The malware hides in the package and pretends to be an internal utility for syncing archives.
The malware runs its checks during installation. It tries to authenticate with GitHub using either a token from the environment or a hard-coded token. It then verifies whether a remote repository exists and creates one if not. Afterward, it uploads files from a specific directory, "mnt/user-data." The files are stored in randomly named folders to hide the theft, and the malware logs fake network diagnostics to mask its real activity.
The package was found on npm and downloaded about 676 times. The GitHub account connected to the attack was created just hours before the malicious package was uploaded. Notably, the account’s private token was leaked. This shows that attackers may be using AI tools to build malware but may ignore proper security practices.
Impact, Security Implications, and Remediation Guidance
This malware can seriously harm organizations using Claude AI. By stealing files, attackers can access sensitive data. Successful theft could lead to data breaches, intellectual property loss, or further attacks.
The malware’s ability to upload files to a remote GitHub account makes it a high threat for data exfiltration. Since the package is still available on npm, many users might unknowingly install it. If malicious code runs, it could give attackers ongoing access to the system.
Organizations should remove this package from their systems and check their environment for exposed tokens or credentials. Apply security best practices such as limiting token permissions and monitoring package downloads.
If you suspect infection or data theft, seek remediation guidance from the relevant software vendors or security authorities. Do not rely solely on assumptions or unofficial sources. Proper investigation and cleanup are critical to reduce risks and prevent further damage.
ThreatIntel-V1
