BotBeat
...
← Back

> ▌

AnthropicAnthropic
INDUSTRY REPORTAnthropic2026-05-28

AI-Generated Malware Steals Claude User Credentials, Leaks Its Own GitHub Token

Key Takeaways

  • ▸An npm package designed to steal Claude user credentials reached 676 downloads before removal; the attacker accidentally leaked their own GitHub private token, enabling researchers to trace and analyze the malware
  • ▸The malware specifically targeted /mnt/user-data (Claude's file storage and output directory), exfiltrating files via the GitHub Contents API using base64 encoding to obscure stolen data
  • ▸Security researchers warn of a rising trend: threat actors are increasingly weaponizing AI tools to generate malware targeting AI users, even if the resulting code is often poorly written and easily detected
Source:
Hacker Newshttps://www.theregister.com/cyber-crime/2026/05/27/supply-chain-brain-drain-npm-attacker-foolishly-leaks-own-github-private-token/5247424↗

Summary

A malicious npm package called 'mouse5212-super-formatter' designed to target Claude users reached 676 downloads before being removed from the registry. The AI-generated malware claimed to be a legitimate 'archive deployment sync' utility but actually functioned as a credential stealer, specifically targeting Claude's file storage directory (/mnt/user-data) where users upload and download files. The malware exfiltrated sensitive files through the GitHub API, ultimately compromising the attacker's security posture by accidentally leaking their own GitHub private token.

Researchers from OX Security traced the stolen files and analyzed the malware, discovering that the attacker created a GitHub account just hours before uploading the malicious package to npm. The researchers warn that this incident reflects a troubling trend: threat actors are increasingly targeting AI tools with AI-generated malware, albeit often with poor code quality and security practices. The GitHub account and all versions of the affected npm package have since been deleted, but users who installed the package are advised to immediately revoke their GitHub access tokens and audit the '/mnt/user-data' directory for suspicious files.

Editorial Opinion

The irony of AI-generated malware leaking its own credentials is darkly amusing, but the broader security implications are genuinely concerning. As Claude and other AI coding assistants become integral to developer workflows, they become increasingly attractive targets for threat actors. The fact that attackers are now using AI to generate malware—even poorly—suggests that the security landscape for AI tools is evolving faster than defenses.

CybersecurityAI Safety & AlignmentPrivacy & Data

More from Anthropic

AnthropicAnthropic
INDUSTRY REPORT

From Decline to Rebound: AI-Exposed Job Markets Surge as Agentic Tools Rise

2026-07-11
AnthropicAnthropic
UPDATE

Anthropic Removes Hidden Tracking Code from Claude Code After Transparency Controversy

2026-07-11
AnthropicAnthropic
RESEARCH

Anthropic Unveils Hidden 'J-Space' Inside Claude Using New Mechanistic Interpretability Technique

2026-07-11

Comments

Suggested

AI Industry ResearchAI Industry Research
RESEARCH

Repo-Slopscore: New Tool Detects AI-Generated Code Contributions in Open Source Repositories

2026-07-12
SamsungSamsung
UPDATE

Samsung Forces Health Data Sharing for AI Training or Risks Losing App Functionality

2026-07-12
OpenAIOpenAI
INDUSTRY REPORT

OpenAI Pivots to Families as ChatGPT Usage Skews Older

2026-07-12
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us