Malware-Slop malicious npm file-theft campaign
Campaign
Summary
The Malware-Slop campaign is distributing a malicious npm package that steals local files from the environments of those who install it, creating an unauthorized data-transfer risk for users of Anthropic's Claude workspace directory. The package abuses the postinstall stage to reach into the local environment and move content to a threat actor-controlled GitHub account. It also writes a fake diagnostic log to obscure the theft, making the exfiltration harder to notice.
Related Happenings
Mouse5212-super-formatter postinstall GitHub exfiltration package
Malware Activity
First: 27.05.2026 18:44
Last: 27.05.2026 18:44
Sources 1
How related:
According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by Anthropic's Claude artificial intelligence (AI) tool to handle uploads and outputs in the background.
About this happening:
The **mouse5212-super-formatter** npm package is a **malicious infostealer** that can siphon files from **/mnt/user-data**, putting **Anthropic Claude** user data at risk of unaut...
Shai-Hulud worm clone activity on NPM
Malware Activity
First: 18.05.2026 12:45
Last: 18.05.2026 12:45
Sources 1
About this happening:
The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Mini Shai-Hulud npm supply-chain malware wave
Malware Activity
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
About this happening:
The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...
Mini Shai-Hulud SAP-related npm supply-chain campaign
Campaign
First: 29.04.2026 19:26
Last: 29.04.2026 19:26
Sources 1
About this happening:
A new **Mini Shai-Hulud** supply-chain campaign is targeting **SAP-related npm packages**, putting **developer and CI/CD environments** at risk of credential theft and malicious p...
Latest development: 12.05.2026 11:50
Mini Shai-Hulud expands beyond the original SAP-related npm packages to compromise TanStack, UiPath, Mistral AI, OpenSearch, Guardrails AI, and DraftLab packages across npm and PyPI, with malicious payloads using router_init.js, GitHub Actions abuse, and exfiltration to filev2.getsession[.]org, api.masscan[.]cloud, or attacker-controlled GitHub repositories.
Famous Chollima PromptMink supply-chain campaign targeting Web3 developers
Campaign
First: 29.04.2026 17:43
Last: 29.04.2026 17:43
Sources 1
About this happening:
The **PromptMink** campaign is widening **Famous Chollima**'s supply-chain intrusion playbook by pushing **tainted npm packages** into developer environments and stealing secrets....
Timeline
- 27.05.2026 18:44 · 1 article
GitHub account tied to Malware-Slop is created before the first malicious npm upload
Campaign Scope Update: The GitHub account linked to the Malware-Slop campaign was created on May 26, 2026, a few hours before the first malicious version was uploaded to npm, giving the operator a destination for stolen files.
Sources:
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44
- 27.05.2026 18:44 · 2 articles
OX Security finds mouse5212-super-formatter stealing Claude AI workspace files
Initial Disclosure: OX Security identified the malicious npm package mouse5212-super-formatter as a file-stealing loader that runs in the postinstall stage, targets Anthropic's Claude AI workspace directory /mnt/user-data, authenticates to GitHub with an environment token or hard-coded fallback, creates or checks a repository, and recursively uploads files while writing a fake network connections log. The package was still available on npm and was estimated at 676 downloads, and the linked GitHub account leaked a private token.
Sources:
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44
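
The postinstall behaviour described in the initial disclosure can be checked for in an already-installed dependency tree. The following Node.js audit is an added example, not code from OX Security or from this page: it walks a node_modules directory, lists every package that declares an install lifecycle hook, and flags the /mnt/user-data path in the hook or the script it launches. The 'github' marker, the function names and the sample tree (including the package name @acme/fmt) are assumptions constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const HOOKS = ['preinstall', 'install', 'postinstall'];
// '/mnt/user-data' is the path named in the report; 'github' is an assumed,
// deliberately broad marker for install-time code that talks to GitHub.
const MARKERS = ['/mnt/user-data', 'github'];

// Walk a node_modules tree; report each package declaring an install hook and
// any markers found in the hook command or in the script file it launches.
function auditInstallHooks(dir, findings = []) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (!entry.isDirectory()) continue;
    const pkgDir = path.join(dir, entry.name);
    if (entry.name.startsWith('@')) { auditInstallHooks(pkgDir, findings); continue; }
    const manifest = path.join(pkgDir, 'package.json');
    if (!fs.existsSync(manifest)) continue;
    const pkg = JSON.parse(fs.readFileSync(manifest, 'utf8'));
    for (const hook of HOOKS) {
      const cmd = (pkg.scripts || {})[hook];
      if (!cmd) continue;
      let text = cmd;
      const m = /^node\s+(\S+)/.exec(cmd); // hook of the form "node <file>"
      const target = m ? path.resolve(pkgDir, m[1]) : null;
      if (target && target.startsWith(pkgDir + path.sep) && fs.existsSync(target)) {
        text += '\n' + fs.readFileSync(target, 'utf8');
      }
      const hits = MARKERS.filter((s) => text.toLowerCase().includes(s));
      findings.push({ name: pkg.name, hook, cmd, hits });
    }
    const nested = path.join(pkgDir, 'node_modules');
    if (fs.existsSync(nested)) auditInstallHooks(nested, findings);
  }
  return findings;
}

// Constructed sample tree; the file bodies are placeholders, not the real package.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'hook-audit-'));
  const put = (rel, body) => {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), body);
  };
  put('benign-lib/package.json', '{"name":"benign-lib","scripts":{"test":"node t.js"}}');
  put('@acme/fmt/package.json', '{"name":"@acme/fmt","scripts":{"postinstall":"node setup.js"}}');
  put('@acme/fmt/setup.js', "const SRC = '/mnt/user-data'; // placeholder\n");
  return root;
}
console.log(auditInstallHooks(buildSampleTree()));
```

Installing with npm's `--ignore-scripts` option prevents lifecycle hooks from running at all; the audit above is for trees that were installed without it.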