Threat Actor’s GitHub Token Leaked by AI-Generated npm Malware
ID: 8365886e-b185-56c1-96d6-389cfc2264d0
STIX ID: report--8365886e-b185-56c1-96d6-389cfc2264d0
Feed Name: Cyber Press
Security researchers found a malicious npm package, mouse5212-super-formatter, that masquerades as an internal utility and, during post-install, recursively collects local files and exfiltrates them to a GitHub repository via the Contents API. It uses either an environment token or a hardcoded attacker token, and researchers observed the attacker's account creation and test uploads. The report warns that this is an example of AI-enabled, low-sophistication supply-chain malware and urges immediate incident response for anyone who installed or interacted with the package.
