A malicious npm package named mouse5212-super-formatter recently exposed an entire cyber-espionage operation due to a fundamental coding error by its creator. The software disguised itself as a file synchronization utility to trick developers using Anthropic’s Claude AI assistant. Once installed, it functioned as a data stealer, targeting local directories to covertly copy uploaded files, downloads, and sensitive code outputs generated during AI interaction sessions.
The campaign collapsed because the attacker accidentally included their own private GitHub token within the code, likely a result of sloppy AI-assisted development. Security analysts from OX Security used this leak to trace the attacker's infrastructure and monitor stolen data. Before being banned, the package reached 676 downloads, utilizing several deceptive tactics:
- Insertion of neutral technical comments to bypass automated security flags.
- Generation of fake network logs to mask illegal data exfiltration.
- Creation of the malicious account just hours before the initial upload to maintain a clean history.
Security experts urge any developer who installed this package to immediately revoke all access keys and API tokens. Because the malware targeted local storage and sensitive code generation outputs, users must assume their local environment and intellectual property have been fully compromised.
