Malicious npm Package Stole Files From Claude AI User Directory via GitHub
What’s new
A malicious npm package named “mouse5212-super-formatter” has been discovered, capable of stealing files from the Claude AI user directory. The malware uploads files to a GitHub account controlled by the attacker, using either a GitHub access token from the victim’s environment or a hard-coded token. The package has been downloaded approximately 676 times and is still available on npm.
Who’s affected
Users of the Claude AI tool and developers who may have installed the malicious npm package are at risk of having sensitive files stolen.
What to do
- Immediately remove the “mouse5212-super-formatter” package from any projects.
- Review and revoke any GitHub tokens that may have been exposed.
- Monitor for unauthorized access to GitHub accounts and other sensitive data.
- Implement security measures to validate npm packages before installation.



