Malware-Slop: Malicious npm Package Targets Anthropic's Claude AI Data
A new malicious package, dubbed 'Malware-Slop,' has been discovered on the npm registry. The package targets data handled by **Anthropic's Claude** AI tool by exfiltrating files to a threat actor-controlled **GitHub** repository.

Cybersecurity researchers at **OX Security** have uncovered a supply chain attack targeting data associated with **Anthropic's Claude** artificial intelligence (AI) tool. The malicious package, named `mouse5212-super-formatter`, was found on the npm registry and possesses information-stealing capabilities.

### Malware-Slop: Stealing AI Data
The malicious package is designed to upload files from `/mnt/user-data`, a directory used by **Anthropic's Claude** to handle uploads and outputs. This activity has been codenamed **Malware-Slop**.

According to researchers **Moshe Siman Tov Bustan** and **Nir Zadok**, the script masquerades as an internal 'archive deployment sync' utility that purports to validate or initialize a **GitHub** repository, capture a lightweight 'network status' snapshot, and perform a structured synchronization of local workspace files into a remote tracking tree.

In reality, the package authenticates to **GitHub** during the `postinstall` stage using a **GitHub** access token found in the victim's environment or a hard-coded token. It checks for the existence of a target repository and creates one if it doesn't exist. The malware then recursively uploads every file to a threat actor-controlled **GitHub** account. The stolen files are stored within randomly named folders to distinguish between different theft sessions. A fake "network connections" log is also written to obscure the true operational behavior.

### Package Details and Impact
The package, `mouse5212-super-formatter`, is still available for download from npm and has been downloaded approximately 676 times. However, the number of actual installs remains unclear. The **GitHub** account linked to the campaign is no longer available, but **OX Security** noted that it was created on May 26, 2026, just hours before the first malicious version was uploaded to npm.
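
Because the theft runs from a `postinstall` script and the package is still downloadable, a lockfile audit is a practical first check. The following is an added example, not code from OX Security or from the package: it scans a parsed `package-lock.json` (lockfileVersion 2 or 3) for the package named in this report and for any dependency npm has marked with `hasInstallScript`. The sample lockfile, its other package names and all versions are constructed.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3).
// Flags (1) packages on a blocklist and (2) packages npm has marked as having
// install-time lifecycle scripts (preinstall / install / postinstall).
const BLOCKLIST = new Set(["mouse5212-super-formatter"]); // name from this report

// "node_modules/a/node_modules/@s/b" -> "@s/b" (handles nesting and scopes)
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

function auditLockfile(lock, blocklist = BLOCKLIST) {
  const findings = { blocked: [], installScripts: [] };
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry, not a dependency
    const name = meta.name || packageNameFromPath(lockPath);
    const entry = { name, version: meta.version || null, path: lockPath };
    if (blocklist.has(name)) findings.blocked.push(entry);
    if (meta.hasInstallScript === true) findings.installScripts.push(entry);
  }
  return findings;
}

// Constructed sample lockfile: versions and the "-demo" packages are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad-demo": { version: "1.2.0" },
    "node_modules/native-addon-demo": { version: "4.0.1", hasInstallScript: true },
    "node_modules/tool-demo/node_modules/mouse5212-super-formatter": {
      version: "0.0.0-placeholder", // placeholder, not a real published version
      hasInstallScript: true,
    },
  },
};

const report = auditLockfile(SAMPLE_LOCK);
for (const p of report.blocked) {
  console.log(`BLOCKED  ${p.name}@${p.version} at ${p.path}`);
}
for (const p of report.installScripts) {
  console.log(`SCRIPTS  ${p.name}@${p.version} at ${p.path}`);
}
```

Installing with `npm ci --ignore-scripts` keeps lifecycle scripts such as `postinstall` from running at all, so the `installScripts` list doubles as an inventory of packages that would need their scripts reviewed and allowed explicitly.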

### AI-Generated Malware and OPSEC Failures
Notably, the package leaked details of the **GitHub** account, including its private token. This raises the possibility that the threat actor is using AI to generate malware while failing to implement basic operational security (OPSEC) best practices.
**OX Security** warns that the reduced barrier to creating malicious code will likely lead to an increase in similar, albeit "sloppy," malware uploads. They anticipate more threat actors mimicking APT groups in an attempt to capitalize on the vulnerability until npm implements more robust automated malware blocking measures.