Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

Malware Dev Tries to Steal Claude Users' Secrets, Writes Npm Slop, Leaks Own GitHub Private Token

Summary by The Register
An npm-slop package “mouse5212-super-formatter” targeting Claude users and acting as a stealer reached 676 downloads before being removed from the registry - and after making a major vibe coding blunder. The AI-generated malware leaked its own GitHub private token, thus allowing OX Security researchers to trace the stolen files and analyze the malware before issuing this warning: “We’re going to see more threat actors getting into the game – upl…

5 Articles

The RegisterThe Register
Center

Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token

An npm-slop package “mouse5212-super-formatter” targeting Claude users and acting as a stealer reached 676 downloads before being removed from the registry - and after making a major vibe coding blunder. The AI-generated malware leaked its own GitHub private token, thus allowing OX Security researchers to trace the stolen files and analyze the malware before issuing this warning: “We’re going to see more threat actors getting into the game – upl…

Read Full Article
Cyber Security NewsCyber Security News

AI-Generated npm Malware Accidentally Exposes Threat Actor’s Private GitHub Token

A new wave of AI-generated malware is hitting the open-source software ecosystem, and this time, the attacker made a critical mistake that gave researchers a rare inside look at their operation. A malicious package named “mouse5212-super-formatter” was discovered on the npm registry, acting as an infostealer designed to quietly steal files from any developer who installed it. What made this case unusual was not just what the malware did, but wha…

Read Full Article
pcgamerpcgamer

A malware dev has committed a magnificent self-own after an AI-coded malicious package leaked its own GitHub private token

Whoops.

Read Full Article
KorbenKorben

A Malware Developer O Forgets His Own GitHub Token in Code

This is funny. A malicious developer tried to steal sensitive files from Claude's users (Anthropic's IA assistant, OpenAI's competitor on language models) by uploading a trapped npm package. Except in his code, he left his own private GitHub authentication token. The researchers only had to recover it to go back to him. The package was called mouse5212-super-formatter.

Read Full Article
The Hacker NewsThe Hacker News

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by Anthropic's Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

The Hacker News broke the news on Wednesday, May 27, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Cyberattacks icon

Cyberattacks

Technology icon

Technology

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal