AI-Generated Malware Steals Claude User Credentials, Leaks Its Own GitHub Token
Key Takeaways
- An npm package designed to steal Claude user credentials reached 676 downloads before removal; the attacker accidentally leaked their own GitHub private token, enabling researchers to trace and analyze the malware
- The malware specifically targeted /mnt/user-data (Claude's file storage and output directory), exfiltrating files via the GitHub Contents API using base64 encoding to obscure stolen data
- Security researchers warn of a rising trend: threat actors are increasingly weaponizing AI tools to generate malware targeting AI users, even if the resulting code is often poorly written and easily detected
Summary
A malicious npm package called 'mouse5212-super-formatter', designed to target Claude users, reached 676 downloads before being removed from the registry. The AI-generated malware claimed to be a legitimate 'archive deployment sync' utility but actually functioned as a credential stealer, specifically targeting Claude's file storage directory (/mnt/user-data), where users upload and download files. The malware exfiltrated sensitive files through the GitHub API and, in the process, accidentally leaked the attacker's own GitHub private token.
Researchers from OX Security traced the stolen files and analyzed the malware, discovering that the attacker created a GitHub account just hours before uploading the malicious package to npm. The researchers warn that this incident reflects a troubling trend: threat actors are increasingly targeting AI tools with AI-generated malware, albeit often with poor code quality and security practices. The GitHub account and all versions of the affected npm package have since been deleted, but users who installed the package are advised to immediately revoke their GitHub access tokens and audit the '/mnt/user-data' directory for suspicious files.
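For readers checking whether a project ever resolved this package, the following is an added example (not code from OX Security or from the original report) that searches an npm lockfile for the package name given above, covering both the flat v2/v3 layout and the nested v1 layout. The sample lockfiles, the `build-helper`, `benign-lib` and `demo-app` names, and the version string are constructed for illustration.

```javascript
// Added example: find every install of a named package in an npm lockfile.
// The package name comes from the article; both sample lockfiles are constructed.
const SUSPECT = 'mouse5212-super-formatter';
const MARK = 'node_modules/';

// Returns [{ path, version, resolved }] for each place `name` is installed.
function findPackage(lockText, name = SUSPECT) {
  const lock = JSON.parse(lockText);
  const hits = [];
  const add = (path, meta) => {
    if (!hits.some((h) => h.path === path)) {
      hits.push({ path, version: meta.version || null, resolved: meta.resolved || null });
    }
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  // The name is whatever follows the last "node_modules/" (scoped names keep their slash).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(MARK);
    if (i !== -1 && path.slice(i + MARK.length) === name) add(path, meta);
  }
  // lockfileVersion 1 (and the legacy section of v2): nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}${MARK}${dep}`;
      if (dep === name) add(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: transitive install recorded in a v3 lockfile.
const SAMPLE_V3 = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/benign-lib': { version: '1.3.0' },
    'node_modules/build-helper/node_modules/mouse5212-super-formatter': {
      version: '0.0.0-sample', resolved: 'https://registry.example/sample.tgz' },
  },
});
// Constructed sample: the same install in the older v1 nested layout.
const SAMPLE_V1 = JSON.stringify({
  lockfileVersion: 1,
  dependencies: { 'build-helper': { version: '2.0.0', dependencies: {
    'mouse5212-super-formatter': { version: '0.0.0-sample' } } } },
});
console.log(findPackage(SAMPLE_V3), findPackage(SAMPLE_V1));
```

To check a real project, pass the text of its package-lock.json as `lockText`; any hit means the package was resolved for that project, including as a transitive dependency.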
Editorial Opinion
The irony of AI-generated malware leaking its own credentials is darkly amusing, but the broader security implications are genuinely concerning. As Claude and other AI coding assistants become integral to developer workflows, they become increasingly attractive targets for threat actors. The fact that attackers are now using AI to generate malware—even poorly—suggests that the security landscape for AI tools is evolving faster than defenses.



