Malicious npm Package Targets Claude AI Users via Supply Chain Attack

Dev.to / 5/30/2026


Key Points

  • A malicious npm package, "mouse5212-super-formatter," was found stealing files from Anthropic Claude AI users’ local directories by sending data to a threat actor-controlled GitHub repository.
  • The package masqueraded as a legitimate archive utility and exfiltrated workspace files during the npm postinstall step.
  • The attacker’s weak operational security, including a leaked GitHub token, suggests the malware may be AI-generated or at least produced with limited human expertise.
  • The incident highlights an increasing trend of low-skill threat actors using AI tools to scale supply-chain attacks against popular developer ecosystems.

Forensic Summary

A malicious npm package named "mouse5212-super-formatter" was discovered exfiltrating files from Anthropic's Claude AI user directory to a threat actor-controlled GitHub repository, to which it authenticated. The package disguised itself as a legitimate archive utility while silently uploading all local workspace files during the postinstall phase. Notably, the attacker's poor operational security, including a leaked GitHub token, suggests AI-generated malware with minimal human oversight and points to a growing trend of low-skill threat actors leveraging AI to produce supply chain malware.
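One defensive check for the postinstall behaviour described above is to list every package in a node_modules tree that declares an install-time lifecycle script. This is an added example, not code from the article or from the package; the function names, sample package names and sample commands are constructed for illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Scripts npm runs automatically while a dependency is being installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Install-time hooks declared by one parsed package.json.
function installHooks(manifest) {
  const scripts = manifest && typeof manifest.scripts === "object" ? manifest.scripts || {} : {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === "string").map((hook) => ({
    name: manifest.name, version: manifest.version, hook, command: scripts[hook],
  }));
}

// Walk node_modules, including @scope folders and nested node_modules; symlinks are skipped.
function auditNodeModules(dir, findings = []) {
  let entries;
  try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return findings; }
  for (const entry of entries) {
    if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
    const pkgDir = path.join(dir, entry.name);
    if (entry.name.startsWith("@")) { auditNodeModules(pkgDir, findings); continue; }
    try {
      const raw = fs.readFileSync(path.join(pkgDir, "package.json"), "utf8");
      findings.push(...installHooks(JSON.parse(raw)));
    } catch { /* no manifest, or one that does not parse: nothing to report */ }
    auditNodeModules(path.join(pkgDir, "node_modules"), findings);
  }
  return findings;
}

// Constructed sample tree (package names and commands are made up).
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "hook-audit-"));
  const put = (rel, manifest) => {
    const dir = path.join(root, "node_modules", rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify(manifest));
  };
  put("sample-archiver", { name: "sample-archiver", version: "1.0.0", scripts: { postinstall: "node collect.js" } });
  put("@acme/plain", { name: "@acme/plain", version: "2.1.0", scripts: { test: "node test.js" } });
  put("@acme/plain/node_modules/nested", { name: "nested", version: "0.3.0", scripts: { preinstall: "sh setup.sh" } });
  return path.join(root, "node_modules");
}

// Pass a node_modules path as the first argument, or run with none to use the sample tree.
if (typeof module !== "undefined" && require.main === module) console.table(auditNodeModules(process.argv[2] || buildSampleTree()));
```

Run it against a tree installed with `npm install --ignore-scripts`, which keeps the hooks from executing, and review each listed command before allowing scripts to run.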

Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/malicious-npm-package-targets-claude-ai-users-via-supply-chain-attack/