
NPM Package Targets Claude AI User Data via Covert GitHub Exfiltration

A newly discovered npm package masquerades as a deployment tool while covertly extracting files from Claude AI's dedicated user data directory to an attacker-controlled GitHub repository.

CSBadmin

Stealthy Data Harvesting Mechanism

Security researchers at OX Security have uncovered a malicious npm package that masquerades as a legitimate archive deployment sync utility. Named “mouse5212 super formatter,” the package executes a sophisticated data theft operation during its installation phase. It targets the “/mnt/user-data” directory, a dedicated storage location used by Anthropic’s Claude AI tool for handling file uploads and background processing tasks.

The malware authenticates to GitHub using either an environment variable containing a victim’s access token or a hard-coded token as a fallback. It then checks for a pre-existing repository controlled by the attacker, creates one if needed, and proceeds to upload all files from the targeted directory into randomly named folders. To avoid detection, the script generates a fake network connections log that mimics diagnostic information while concealing the actual data exfiltration activity.
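Because the behavior described above runs at install time, a dependency tree can be triaged by listing every package that declares an npm install hook and checking its scripts for the targeted path. The following is an added example, not code from the article or from OX Security; the `api.github.com` indicator, the function names and the sample package names are assumptions made for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# "/mnt/user-data" is from the article; the GitHub API host is an assumption.
INDICATORS = {"claude_user_data": re.compile(r"/mnt/user-data"),
              "github_api": re.compile(r"api\.github\.com", re.I)}
SCRIPT_SUFFIXES = {".js", ".cjs", ".mjs", ".sh"}

def audit_node_modules(root):
    """Return one finding per package that runs code at install time,
    with the indicators found in its hook commands and script files."""
    findings = []
    for manifest in sorted(Path(root).rglob("package.json")):
        try:
            scripts = json.loads(manifest.read_text(encoding="utf-8")).get("scripts") or {}
            hooks = {h: str(scripts[h]) for h in INSTALL_HOOKS if h in scripts}
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed manifest
        if not hooks:
            continue
        text = "\n".join(hooks.values())
        for f in manifest.parent.rglob("*"):
            if f.is_file() and f.suffix in SCRIPT_SUFFIXES:
                text += "\n" + f.read_text(encoding="utf-8", errors="replace")
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(text))
        findings.append({"package": manifest.parent.name,
                         "hooks": sorted(hooks), "indicators": hits})
    return findings

def build_sample_tree(root):
    """Write constructed, inert sample packages (hypothetical names)."""
    samples = {
        "plain-lib": ({}, "// no install hook\n"),
        "native-addon": ({"install": "node build.js"}, "// compile step\n"),
        "sample-sync-tool": ({"postinstall": "node build.js"},
            "// reads /mnt/user-data, uploads via https://api.github.com\n"),
    }
    for name, (scripts, body) in samples.items():
        pkg = Path(root) / "node_modules" / name
        pkg.mkdir(parents=True)
        (pkg / "package.json").write_text(json.dumps({"name": name, "scripts": scripts}))
        (pkg / "build.js").write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*audit_node_modules(tmp), sep="\n")
```

A package with an install hook and no indicators (such as a native addon build step) is still listed, since the hook itself is what lets code run before any review. Installing with `npm install --ignore-scripts` prevents these hooks from executing at all.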

Impact and Scope

The package, which remains available for download on the npm registry, has been downloaded approximately 676 times. Researchers noted that the associated GitHub account was created just hours before the first malicious version of the package was uploaded, suggesting a deliberately planned operation. A notable operational security failure by the threat actor resulted in the exposure of their own GitHub account details, including a private access token, leading researchers to believe the malware may have been generated using AI tools without proper security precautions.

This campaign, dubbed Malware-Slop by researchers, highlights the growing threat of supply chain attacks targeting AI development tools and their associated data directories. The theft of files from Claude AI’s user data directory could expose sensitive information including proprietary code, configuration files, and other confidential materials processed through the AI platform.

Source: The Hacker News
