AI npm Malware Exposes Threat Actor’s Private GitHub Token
A new wave of AI-generated malware is impacting the open-source software ecosystem, with recent findings revealing a threat actor’s critical blunder. Researchers discovered an npm malware...
A new wave of AI-generated malware is impacting the open-source software ecosystem, with recent findings revealing a threat actor’s critical blunder. Researchers discovered an npm malware operation that inadvertently exposed the attacker’s private GitHub token, providing a rare, detailed glimpse into their activities. This exposure, documented in a A malicious package named “mouse5212-super-formatter” was discovered on the npm registry, acting as an infostealer designed to quietly steal files from any developer who installed it.
What made this case unusual was not just what the malware did, but what it accidentally revealed about the person behind it.
The package quietly disguised itself as a legitimate internal tool, presenting itself as an “archive deployment sync” utility.
Beneath that cover, it was built to scan a specific directory on the victim’s machine and upload every file it found directly to a remote GitHub repository.
The malware reached 676 downloads before its true nature was uncovered, and it was still live on npm at the time of publishing.
Researchers at OX Security identified the package and published a detailed analysis of its behavior and inner workings.
Their findings confirmed this was not a polished, sophisticated attack, but rather a sloppy piece of AI-generated code that exposed the attacker through their own careless mistakes.
The most damning error was a hardcoded private GitHub token left inside the malware itself. This token belonged to the threat actor, not the victim, and it gave researchers the ability to trace the file exfiltrations in real time.
OX Security noted in a report shared with Cyber Security News that they observed around seven active exfiltration events in the threat actor’s GitHub repository before it was taken down, most of which appeared to be tests run by the attacker during development.
The threat actor’s GitHub account was created just a few hours before the first malicious version was uploaded to npm. After the attack was discovered, the account was deleted.
The brief timeline and careless inclusion of a private token strongly suggest the attacker was not a seasoned professional, but someone using AI tools to generate attack code without fully understanding what they were building.
AI-Generated npm Malware
Once installed, the malware authenticated to GitHub using either an environment token or the hardcoded fallback and checked whether a target repository existed, creating one if it did not.
It then walked through the local “/mnt/user-data” directory recursively and uploaded every file it found using the GitHub Contents API. To avoid detection, it stored stolen files under a randomly generated folder name for each session, helping the attacker separate multiple theft runs from different victims.
The malware also wrote a fake “network connections” log during execution, designed to make the activity look like routine diagnostics rather than data theft.
Comments and commit messages inside the code were written in bland, technical language to reduce suspicion. The data itself was encoded in base64 during the exfiltration process, a basic obfuscation technique to disguise the outgoing content.
AI-Assisted Malware Creation is Lowering the Bar
This case is a clear example of how threat actors are using AI to generate malware without understanding basic operational security concepts or safe coding practices.
The bar to create functional malicious code has been significantly lowered, and the security community should expect to see more sloppy, AI-assisted malware campaigns in the months ahead.
Attackers who use AI to build tools they do not fully understand are more likely to make mistakes like the hardcoded token seen here.
However, even imperfect malware can cause real harm if it reaches enough users before being detected. Developers and security teams should remain cautious about packages with little history, few downloads, and no clear community backing.
If you installed the “mouse5212-super-formatter” package, OX Security recommends taking immediate steps to limit the damage.
First, revoke any GitHub access tokens that may have been present in the affected environment. Second, treat all files in the “/mnt/user-data” directory as compromised and audit them carefully for sensitive data.
Indicators of Compromise (IoCs):-
| Type | Indicator | Description |
|---|---|---|
| Package Name | mouse5212-super-formatter | Malicious npm infostealer package |
| File Path | /mnt/user-data | Local directory targeted for recursive file exfiltration |
| Exfiltration Method | GitHub Contents API | Used to upload stolen files to threat actor’s repository |
| Obfuscation Technique | Base64 encoding | Used to encode exfiltrated file contents during upload |
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.