Malware-Slop malicious npm file-theft campaign
Campaign
Summary
Hide ▲
Show ▼
Malware-Slop is distributing mouse5212-super-formatter, a malicious npm package that steals local files from Anthropic's Claude workspace directory /mnt/user-data. The package runs in the postinstall stage, authenticates to GitHub, and uploads files to a threat actor-controlled GitHub account while writing a fake diagnostic log to mask the theft. OX Security reported that the package was still live on npm at the time of analysis and had about 676 downloads before removal. The linked GitHub account was created on 2026-05-26, shortly before the first malicious upload, and the package exposed a hardcoded fallback token that let researchers observe the exfiltration flow.
Related Happenings
GitHub API enumeration campaign targeting corporate organizations
Campaign
H score17
First: 09.07.2026 21:38
Last: 09.07.2026 21:38
Sources 1
About this happening:
A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...
GitHub API enumeration campaign targeting corporate organizations
CampaignAbout this happening: A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...
GitHub Agentic Workflows indirect prompt injection security flaw
Vulnerability
H score27
First: 07.07.2026 17:04
Last: 07.07.2026 17:04
Sources 1
About this happening:
**GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
GitHub Agentic Workflows indirect prompt injection security flaw
VulnerabilityAbout this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
North Korean Contagious Interview PolinRider supply-chain campaign
Campaign
H score51
First: 04.07.2026 14:17
Last: 04.07.2026 14:17
Sources 1
About this happening:
The **Contagious Interview / PolinRider** campaign is still active, with **108 unique packages and browser extensions** published across **npm, Packagist, Go, and Google Chrome**....
North Korean Contagious Interview PolinRider supply-chain campaign
CampaignAbout this happening: The **Contagious Interview / PolinRider** campaign is still active, with **108 unique packages and browser extensions** published across **npm, Packagist, Go, and Google Chrome**....
GitHub npm v12 hardens install-time dependency execution and source resolution
Security Tool/Service
H score11
First: 10.06.2026 22:41
Last: 10.06.2026 22:41
Sources 1
About this happening:
**GitHub** is tightening **npm v12** next month by blocking automatic dependency install scripts and non-registry sources, reducing supply-chain attack paths triggered by **npm in...
GitHub npm v12 hardens install-time dependency execution and source resolution
Security Tool/ServiceAbout this happening: **GitHub** is tightening **npm v12** next month by blocking automatic dependency install scripts and non-registry sources, reducing supply-chain attack paths triggered by **npm in...
Miasma self-replicating supply chain attack campaign targeting open-source repositories
Campaign
H score83
First: 06.06.2026 09:58
Last: 06.06.2026 09:58
Sources 1
About this happening:
The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...
Miasma self-replicating supply chain attack campaign targeting open-source repositories
CampaignAbout this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...
Timeline
-
27.05.2026 18:44 1 articles · 1mo ago
GitHub account tied to Malware-Slop is created before the first malicious npm upload
Campaign Scope UpdateThe GitHub account linked to the Malware-Slop campaign was created on May 26, 2026, a few hours before the first malicious version was uploaded to npm, giving the operator a destination for stolen files.
Show sources
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44
-
27.05.2026 18:44 3 articles · 1mo ago
OX Security finds mouse5212-super-formatter stealing Claude AI workspace files
Initial DisclosureOX Security identified the malicious npm package mouse5212-super-formatter as a file-stealing loader that runs in the postinstall stage, targets Anthropic's Claude AI workspace directory /mnt/user-data, authenticates to GitHub with an environment token or hard-coded fallback, creates or checks a repository, and recursively uploads files while writing a fake network connections log. The package was still available on npm and was estimated at 676 downloads, and the linked GitHub account leaked a private token.
Show sources
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44
- AI-Generated npm Malware Leaks Its Own GitHub Token — www.infosecurity-magazine.com — 29.05.2026 11:10