Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Researchers discovered a malicious npm package (a collection of code shared through Node Package Manager, a repository for JavaScript libraries) called "mouse5212-super-formatter" that steals files from Claude AI users' directories. The package disguises itself as a legitimate tool but actually uploads files to a threat actor-controlled GitHub account by authenticating with stolen or hard-coded credentials during installation.