npm mouse5212-super-formatter steals Claude AI data

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- mouse5212-super-formatter is a malicious npm package that targets Anthropic’s Claude AI by uploading files from its "/mnt/user-data" directory to an attacker‑controlled GitHub repository.
- OX Security analysts Moshe Siman Tov Bustan and Nir Zadok reported the package masquerades as an “archive deployment sync” utility but actually authenticates to GitHub during the post‑install step using a victim’s token or a hard‑coded fallback.
- mouse5212-super-formatter checks for a target repository, creates it if missing, then recursively uploads every file, storing them in randomly named folders and writing a fake “network connections” log to conceal the theft.
- GitHub account used in the campaign, created on May 26 2026, leaked its private token, indicating the attacker’s sloppy operational security and possible AI‑generated code.
- npm still hosts the package, which has been downloaded about 676 times, though the true number of successful installations remains unclear.
Why it matters: Anthropic and its Claude users lose data privacy, while the attacker gains access to potentially sensitive files; the 676 downloads illustrate a growing threat that pressures npm to tighten malware detection, increasing compliance costs for developers.




