Mouse5212-super-formatter postinstall GitHub exfiltration package
Malware Activity
Summary
Hide ▲
Show ▼
The mouse5212-super-formatter npm package is a malicious infostealer that can siphon files from /mnt/user-data, putting Anthropic Claude user data at risk of unauthorized exfiltration. It runs in the postinstall stage, uses a GitHub token or fallback credential, and uploads local files to a threat actor-controlled GitHub account. The package also disguises theft with fake diagnostics and was still downloadable from npm at the time of discovery.
Related Happenings
Asteroiddao hit by network compromise
Incident
H score13
First: 04.06.2026 18:25
Last: 04.06.2026 18:25
Sources 1
About this happening:
**asteroiddao** suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider **supply-chain attack**. The account was used t...
Asteroiddao hit by network compromise
IncidentAbout this happening: **asteroiddao** suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider **supply-chain attack**. The account was used t...
Claude Code GitHub Action bot trigger bypass security flaw
Vulnerability
H score31
First: 04.06.2026 18:15
Last: 04.06.2026 18:15
Sources 1
About this happening:
**Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...
Claude Code GitHub Action bot trigger bypass security flaw
VulnerabilityAbout this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...
AUDIOFIX and MiniRAT macOS malware activity
Malware Activity
H score34
First: 28.05.2026 10:54
Last: 28.05.2026 10:54
Sources 1
About this happening:
The **AUDIOFIX** and **MiniRAT** malware activity is targeting **cryptocurrency firms** and **developer infrastructure** on **macOS** with **LinkedIn recruiter** lures, a fake mee...
AUDIOFIX and MiniRAT macOS malware activity
Malware ActivityAbout this happening: The **AUDIOFIX** and **MiniRAT** malware activity is targeting **cryptocurrency firms** and **developer infrastructure** on **macOS** with **LinkedIn recruiter** lures, a fake mee...
JINX-0164 cryptocurrency recruitment-lure campaign
Campaign
H score39
First: 28.05.2026 10:54
Last: 28.05.2026 10:54
Sources 1
About this happening:
A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...
JINX-0164 cryptocurrency recruitment-lure campaign
CampaignAbout this happening: A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...
Malware-Slop malicious npm file-theft campaign
Campaign
H score39
First: 27.05.2026 18:44
Last: 27.05.2026 18:44
Sources 1
How related:
The activity has been codenamed Malware-Slop.
About this happening:
**Malware-Slop** is distributing **mouse5212-super-formatter**, a malicious **npm** package that steals local files from **Anthropic's Claude** workspace directory **/mnt/user-dat...
Malware-Slop malicious npm file-theft campaign
CampaignHow related: The activity has been codenamed Malware-Slop.
About this happening: **Malware-Slop** is distributing **mouse5212-super-formatter**, a malicious **npm** package that steals local files from **Anthropic's Claude** workspace directory **/mnt/user-dat...
Timeline
-
29.05.2026 11:10 1 articles · 1mo ago
mouse5212-super-formatter leaks GitHub token and exposes theft sessions
Technical Analysis Updatemouse5212-super-formatter leaked a hardcoded GitHub token, exposing the operator's credential and allowing about seven theft sessions to be observed in the attacker's GitHub repository; the malicious npm package recursively copied files from a victim machine, uploaded them through the GitHub Contents API, and was later removed from npm.
Show sources
- AI-Generated npm Malware Leaks Its Own GitHub Token — www.infosecurity-magazine.com — 29.05.2026 11:10
-
27.05.2026 18:44 1 articles · 1mo ago
GitHub account created ahead of the malicious npm upload
Untyped PhaseA GitHub account linked to the Malware-Slop activity was created a few hours before the first malicious version of mouse5212-super-formatter was uploaded to npm, giving the operator infrastructure for the file-theft campaign.
Show sources
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44
-
27.05.2026 18:44 2 articles · 1mo ago
Researchers uncover mouse5212-super-formatter stealing files from Claude AI uploads
Initial DisclosureOX Security identified the malicious npm package mouse5212-super-formatter, which runs in the postinstall stage, authenticates to GitHub with a victim environment token or a hard-coded fallback, checks or creates a repository, and recursively uploads files from /mnt/user-data used by Anthropic's Claude AI tool.
Show sources
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — thehackernews.com — 27.05.2026 18:44