Supply chain brain drain: npm attacker foolishly leaks own GitHub private token
Jump to main content
Search
REG AD
cyber-crime
Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token
Script kiddies these days
Jessica Lyons
Jessica<br>Lyons
Published<br>wed 27 May 2026 // 21:33 UTC
An npm-slop package “mouse5212-super-formatter” targeting Claude users and acting as a stealer reached 676 downloads before being removed from the registry - and after making a major vibe coding blunder.<br>The AI-generated malware leaked its own GitHub private token, thus allowing OX Security researchers to trace the stolen files and analyze the malware before issuing this warning: “We’re going to see more threat actors getting into the game – uploading more sloppy malwares, mostly mimicking APT groups to get a slice of the cake until npm starts automatically blocking malware completely.”<br>According to researchers Moshe Siman Tov Bustan and Nir Zadok, the sloppy code writer created their GitHub account earlier this month, just hours before uploading their first malicious version to npm and shortly after testing out the information-stealing capabilities on a “test” repository.
REG AD
MORE CONTEXT
Claude Opus wrote a Chrome exploit for $2,283
A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets
Web devs sleeping with the enemy: AI is doing their job and they worry it's after their desk too
Researchers find all big-name bots bomb EU compliance tests
The GitHub account was deleted after the attack.
REG AD
All versions of mouse5212-super-formatter are affected, according to the threat hunters, so if you installed it, immediately revoke your GitHub access tokens and assume any unusual files in the “/mnt/user-data” directory have been compromised.<br>This is the storage directory that Anthropic’s AI coding tool Claude uses to handle file uploads, downloads, and code/data outputs.<br>The script purports to be an internal “archive deployment sync” utility that validates a GitHub repository, captures a “network status” snapshot, and then synchronizes local workspace files with a remote tracking tree.<br>In reality, however, it’s a stealer. “It authenticates to GitHub (using an environment token or a hardcoded fallback), checks whether a target repository exists, creates it if needed, then recursively walks a local directory and uploads every file through the GitHub Contents API,” Bustan and Zadok wrote.<br>It stores the stolen files under random per-run folder names, which allows for multiple stealing sessions, and exfiltrates the sensitive info using base64 encoding. The malware also writes a phony network connection log to make it look like a diagnostic - not theft - tool, and uses “intentionally bland” and/or technical comments and commit messages “to reduce suspicion,” the researchers wrote.<br>It does this instead of using redundant or Russian-language comments that would be a dead giveaway the attacker used AI to write the malicious code. Then again, leaking your own tokens also isn’t super stealthy behavior or best practices when it comes to writing malware. ®
supply chain attack<br>npm<br>malware<br>github<br>cyber-crime<br>claude
REG AD
Systems
Qualcomm picks bad time to pitch a $300 laptop platform
Systems based on Snapdragon C to target students, families, and small businesses
Personal Tech
Steam Deck prices go through the roof as Valve blames component shortages
Same handheld, same specs, just a much steeper bill
THE REGISTER EXPLAINER
Explainer: Edge AI
You can run AI at the edge, if your infrastructure supports it
Cyber-Crime
Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
Travel and leisure giant was just one of many victims of the cybercrooks' crime spree this year
Systems
EU's digital sovereignty boo-boo may be the best thing to ever happen to the project
DIY or die. Just don't let the CIA buy it
OSes
ReactOS brings its Windows NT tribute act to ARM64
Experimental build boots on Raspberry Pi 5, but for now the joy is mostly in getting there
MOST POPULAR
AI + ML
Google has seriously leaned into AI enshittification lately
Security
Anthropic to release Mythos-class models to the public
Systems
Intel's CEO reveals early hiring challenges as bankruptcy concerns deterred top talent
Operating Systems
Linus Torvalds to ‘start being more hardnosed’ about ‘pointless pull requests’ – some of which come from AIs
Security
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
EVENTS
The Hardware Crunch: How Supply Chain Turbulence Is Forcing a New IT Playbook
Infrastructure teams are facing a perfect storm: extended hardware lead times, rising costs driven by AI demand, and accelerated platform timelines.
Overcoming the trade-offs in data sovereignty
What does data sovereignty actually mean for your network,...