Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by Anthropic's Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The
Claude AI
GitHub
npm
Évolution chronologique
-
Un paquet npm malveillant exfiltre les fichiers du répertoire utilisateur de Claude AI via GitHub
Un paquet npm malveillant a dérobé des fichiers du répertoire utilisateur de Claude AI en les exfiltrant via GitHub, ciblant les développeurs et leurs données sensibles.