GitHub and npm: AI-Generated npm Malware Leaks Hacker’s Private GitHub Token

Malicious npm Package Exposes Attacker’s GitHub Token in Supply Chain Threat

Researchers at OX Security uncovered a malicious npm package, mouse5212-super-formatter, designed to steal sensitive files while posing as a legitimate development tool. The package, which has been downloaded 676 times and remains active on npm, highlights the rise of low-effort yet effective supply chain attacks.

Disguised as an "archive deployment sync" utility, the malware performs superficial GitHub repository validation and network diagnostics during installation. However, its true function is far more intrusive: it authenticates to GitHub using either an environment token or a hardcoded fallback token embedded in the code. Once active, it scans the local /mnt/user-data directory, encodes files in base64, and uploads them to a remote GitHub repository via the Contents API. The stolen data is organized into unique folders per execution, while fake diagnostic logs mask its malicious activity.

A critical error by the attacker, embedding a private GitHub token in the malware, allowed researchers to trace exfiltration activity to the operator’s repository. Approximately seven active data theft sessions were observed, most likely test runs before broader deployment. The GitHub account used in the campaign was created just hours before the package’s publication and was deleted shortly after discovery, though the npm package remains accessible.

The malware’s focus on the /mnt/user-data directory suggests targeting of development environments, containerized workloads, or cloud-based systems. OX Security’s analysis revealed generic code comments and commit messages, likely AI-generated to evade detection during casual inspection.
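
The behaviours described above (activity at install time, a hardcoded fallback GitHub token, reads under /mnt/user-data, base64 encoding and uploads through the Contents API) can be checked statically before a dependency is installed. The following is an added example, not code from OX Security or from the package itself; the lifecycle-hook check, the token regex (built from GitHub's documented token prefixes), the function names and both sample inputs are assumptions constructed for illustration.

```javascript
// Static triage for the indicators described above (heuristic, not exhaustive).
const INDICATORS = [
  // Token prefixes follow GitHub's documented formats; minimum lengths are an assumption.
  { id: "hardcoded-github-token", re: /\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_\w{22,})/ },
  { id: "github-contents-api", re: /api\.github\.com\/repos\/[^\s"'`]+\/contents\/|createOrUpdateFileContents/ },
  { id: "reads-mnt-user-data", re: /\/mnt\/user-data/ },
  { id: "base64-encoding", re: /toString\(\s*["']base64["']\s*\)/ },
];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// manifest: parsed package.json; files: { relativePath: sourceText }
function scanPackage({ manifest, files }) {
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    if (manifest.scripts && manifest.scripts[hook]) {
      findings.push({ id: "install-hook", where: `package.json scripts.${hook}` });
    }
  }
  for (const [name, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      for (const { id, re } of INDICATORS) {
        if (re.test(line)) findings.push({ id, where: `${name}:${i + 1}` });
      }
    });
  }
  return findings;
}

// Escalate only the combination: a GitHub upload path plus an embedded
// credential or the targeted directory. Single indicators are common in benign code.
function isSuspicious(findings) {
  const ids = new Set(findings.map((f) => f.id));
  return ids.has("github-contents-api") &&
    (ids.has("hardcoded-github-token") || ids.has("reads-mnt-user-data"));
}

// Constructed samples (not the real package's code); the token is a placeholder.
const SAMPLE_SUSPICIOUS = {
  manifest: { name: "constructed-sample", scripts: { postinstall: "node sync.js" } },
  files: { "sync.js": [
    'const token = process.env.GITHUB_TOKEN || "ghp_' + "A".repeat(36) + '";',
    'const root = "/mnt/user-data";',
    'const body = { content: data.toString("base64") };',
    'const url = "https://api.github.com/repos/OWNER/REPO/contents/" + runId;',
  ].join("\n") },
};
const SAMPLE_BENIGN = {
  manifest: { name: "constructed-benign", scripts: { postinstall: "node fetch.js" } },
  files: { "fetch.js": 'const u = "https://api.github.com/repos/OWNER/REPO/releases/latest";' },
};
```

Run it against an unpacked tarball (for example the output of `npm pack <name>`) rather than an installed copy, so no lifecycle script executes during triage.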

This incident underscores a growing trend of AI-assisted malware development, where attackers rapidly generate malicious code but often overlook basic security practices. While such threats may lack sophistication, they can still inflict significant damage, particularly in software supply chains. The exposure of the attacker’s infrastructure due to poor token management demonstrates how operational flaws can aid defenders in tracking and mitigating these campaigns.

Source: https://gbhackers.com/ai-generated-npm-malware/

GitHub TPRM report: https://www.rankiteo.com/company/github

npm TPRM report: https://www.rankiteo.com/company/npm-inc-

"id": "npmgit1779963893",
"linkid": "npm-inc-, github",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Software Development, Cloud Services',
                        'type': 'Organizations using the malicious npm '
                                'package'}],
 'attack_vector': 'Malicious npm Package',
 'data_breach': {'data_encryption': 'Base64 encoding',
                 'data_exfiltration': True,
                 'sensitivity_of_data': 'High (development environment data)',
                 'type_of_data_compromised': 'Sensitive files '
                                             '(base64-encoded)'},
 'impact': {'data_compromised': 'Sensitive files from `/mnt/user-data` '
                                'directory',
            'systems_affected': 'Development environments, containerized '
                                'workloads, or cloud-based systems'},
 'initial_access_broker': {'entry_point': 'Malicious npm package '
                                          '(*mouse5212-super-formatter*)',
                           'high_value_targets': 'Development environments, '
                                                 'containerized workloads'},
 'investigation_status': "Completed (attacker's infrastructure exposed)",
 'lessons_learned': 'Attackers may overlook basic security practices (e.g., '
                    'hardcoded tokens), aiding defenders in tracking and '
                    'mitigating campaigns. AI-assisted malware development is '
                    'rising, but operational flaws can expose attackers.',
 'motivation': 'Data Theft',
 'post_incident_analysis': {'corrective_actions': 'Remove malicious npm '
                                                  'package, audit '
                                                  'dependencies, enforce token '
                                                  'security',
                            'root_causes': 'Hardcoded GitHub token in '
                                           'malicious npm package, poor '
                                           'operational security by attacker'},
 'recommendations': 'Organizations should monitor npm packages for suspicious '
                    'activity, validate third-party dependencies, and '
                    'implement strict token management policies.',
 'references': [{'source': 'OX Security'}],
 'response': {'third_party_assistance': 'OX Security'},
 'title': 'Malicious npm Package Exposes Attacker’s GitHub Token in Supply '
          'Chain Threat',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Hardcoded GitHub Token'}