
Malicious npm Package Stole Files From Claude AI User Directory via GitHub

thehackernews.com | 2026-05-27 | AI supply chain | High

What Happened

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by Anthropic's Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The

Why It Matters

According to OX Security, the malicious npm package "mouse5212-super-formatter" was found on the public npm registry with logic to recursively upload files from "/mnt/user-data"—a directory used by Anthropic's Claude AI tooling for user uploads and outputs—to a threat-actor-controlled GitHub repository during the postinstall phase.[1][5] The malware authenticates to GitHub using either a token from the victim environment or a hard-coded token, then exfiltrates local workspace and Claude-related files into attacker repositories, disguising activity as a benign sync/diagnostic utility.[1][5] From a CyberSE.AI perspective, this represents an AI software supply chain compromise where a standard dev dependency becomes a data exfiltration vector from AI agent working directories, underscoring the need for SBOM-driven dependency vetting, strict egress controls for AI runtimes, and guardrails that isolate AI user-data directories from unvetted build/install scripts. Organizations using Claude-integrated tooling in CI/dev environments should treat any host that installed this package as potentially fully compromised, rotate credentials, and adopt continuous AI supply chain monitoring tied t

Sectors: Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html
