Claude AI Users Targeted by Malicious npm Package

Malicious npm Package Targets Claude AI Users
According to recent reports, cybersecurity experts have uncovered a dangerous package on the npm registry designed to steal sensitive information.
The package, identified as "mouse5212-super-formatter," specifically targets files located in "/mnt/user-data"—a directory used by Anthropic's Claude AI tool for handling uploads and outputs in the background.
How the Attack Works
The malicious package exfiltrates files from the Claude AI user directory without the user's knowledge. Once installed, it accesses the dedicated directory and uploads its contents to a remote server controlled by the attackers. This could expose sensitive data processed by the AI tool, including personal documents, code, or confidential information.
Implications for Users
This discovery highlights the growing risks in the software supply chain, especially for AI-related tools that handle user data. Developers and users who rely on Claude AI are advised to verify the integrity of npm packages before installation and to monitor their systems for any suspicious activity.
Protective Measures
To mitigate such threats, experts recommend:
- Auditing all dependencies in your projects.
- Using package scanning tools to detect malicious code.
- Avoiding packages with suspicious names or limited downloads.
- Regularly reviewing file access permissions for AI tools.
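As an added example (not code from the original reports or from npm), the dependency audit in the first item can be scripted: the function below searches a parsed `package-lock.json` for the package named above, including transitive and aliased installs, in both the v1 and v2/v3 lockfile layouts. The function names, the sample lockfile, `left-helper` and the version numbers are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for the package named in the article.
const FLAGGED = new Set(["mouse5212-super-formatter"]); // name taken from the article

// v2/v3 "packages" keys are install paths:
// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Returns [{ name, version, location }] for each flagged package, direct or transitive.
function auditLock(lock, flagged = FLAGGED) {
  const found = [];
  // lockfileVersion 2 and 3: flat "packages" map. An aliased install keeps
  // its real name in the "name" field, so prefer that over the path.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || nameFromKey(key);
    if (name && flagged.has(name)) found.push({ name, version: meta.version, location: key });
  }
  // lockfileVersion 1: nested "dependencies" tree (only walked when "packages" is absent,
  // because v2 files mirror the same data in both places).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (flagged.has(name)) {
        found.push({ name, version: meta.version, location: [...trail, name].join(" > ") });
      }
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return found;
}

// Convenience wrapper for a lockfile on disk (CommonJS).
function auditFile(path) {
  return auditLock(JSON.parse(require("fs").readFileSync(path, "utf8")));
}

// Constructed sample (v3 layout); "left-helper" and the version numbers are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "2.1.0" },
    "node_modules/left-helper/node_modules/mouse5212-super-formatter": { version: "0.0.1" },
  },
};

console.log(auditLock(SAMPLE_LOCK));
```

Calling `auditFile("package-lock.json")` in CI and failing the build when the returned array is non-empty turns the check into a gate.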
Stay vigilant and ensure your development environments are secure against these evolving threats.