All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

npm malware targeting Claude users leaks own GitHub token, reaches 676 downloads

By

Jessica Lyons

2d ago· 2 min readenNews
Bagel score 70 of 100
70/100
Toasty
Bagelometer

Crusty in the right places. Worth the chew.

Score70TypenewsSentimentnegative

Summary

An npm package called "mouse5212-super-formatter" targeting Claude users acted as information-stealing malware, reaching 676 downloads before removal. The AI-generated malware made a critical error by leaking its own GitHub private token, allowing OX Security researchers to trace stolen files and analyze the threat. Researchers warn that more threat actors will upload sloppy malware mimicking APT groups as supply chain attacks increase.

Key quotes

· 1 pulled
We're going to see more threat actors getting into the game – uploading more sloppy malwares, mostly mimicking APT groups to get a slice of the cake until npm st
Snippet from the RSS feed
Script kiddies these days

You might also wanna read

Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware

A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit

stepsecurity.io·8mo ago

GitHub Issue Prompt Injection Leads to 4,000 Developer Machines Compromised via Malicious npm Package

A sophisticated supply chain attack compromised approximately 4,000 developer machines through a GitHub issue title prompt injection. The at

grith.ai·2mo ago

317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack

A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published

safedep.io·13d ago

GitLab Identifies Large-Scale npm Supply Chain Attack with Destructive Malware

GitLab's security researchers have uncovered a large-scale supply chain attack in the npm ecosystem involving a destructive malware variant

about.gitlab.com·6mo ago

Popular npm packages debug and chalk compromised with crypto-intercepting malware

Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle

aikido.dev·8mo ago

Nx Build Kit Security Breach: Malware Steals Wallets and Credentials via GitHub Repositories

A security breach has been discovered in the popular Nx build kit where malicious post-install commands create unauthorized repositories nam

semgrep.dev·9mo ago