Close Menu
Most Read

Malicious npm package exploits, steals files from AI user directory

Staff WriterBy No Comments3 Mins Read2 Views

Quick Takeaways

  1. A malicious npm package ("mouse5212-super-formatter") is stealing files from a directory linked to AI tools and uploading them to threat-controlled GitHub accounts, blending legitimate functions with covert data exfiltration.
  2. The malware authenticates using embedded or environment-based GitHub tokens, creating and uploading files to remote repositories, while disguising its activities with fake diagnostic logs.
  3. The breach ex leaked GitHub credentials, including a private token, illustrating poor OPSEC and increasing risk of similar sloppy malware, potentially amplifying supply chain attacks.

Threat, Attack Techniques, and Targets

Cybersecurity researchers found a malicious npm package called "mouse5212-super-formatter." This package is designed to steal files from users’ systems. It targets users of Claude AI, a tool made by Anthropic. The malware hides in the package and pretends to be an internal utility for syncing archives.

The malware checks the system during installation. It tries to authenticate with GitHub using either a token from the environment or a hard-coded token. Then, it verifies if a remote repository exists. If not, it creates one. Afterward, it uploads files from a specific directory, "mnt/user-data." The files are stored in random folders to hide the theft, and the malware logs fake network data to hide its real activity.

The package was found on npm and downloaded about 676 times. The GitHub account connected to the attack was created just hours before the malicious package was uploaded. Notably, the account’s private token was leaked. This shows that attackers may be using AI tools to build malware but may ignore proper security practices.

Impact, Security Implications, and Remediation Guidance

This malware can seriously harm organizations using Claude AI. By stealing files, attackers can access sensitive data. Successful theft could lead to data breaches, intellectual property loss, or further attacks.

The malware’s ability to upload files to a remote GitHub account makes it a high threat for data exfiltration. Since the package is still available on npm, many users might unknowingly install it. If malicious code runs, it could give attackers ongoing access to the system.

For organizations, it is important to remove this package from their systems. They should also check their environment for exposed tokens or credentials. Use best security practices, such as limiting token permissions and monitoring package downloads.

If you suspect infection or data theft, seek remediation guidance from the relevant software vendors or security authorities. Do not rely solely on assumptions or unofficial sources. Proper investigation and cleanup are critical to reduce risks and prevent further damage.

Expand Your Tech Knowledge

Learn how the Internet of Things (IoT) is transforming everyday life.

Stay inspired by the vast knowledge available on Wikipedia.

ThreatIntel-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.