AI-Generated npm Malware Leaks Hacker’s Private GitHub Token
ID: 4a581dbb-14a0-5a8d-827a-767f3f6b370c
STIX ID: report--4a581dbb-14a0-5a8d-827a-767f3f6b370c
Feed Name: GBHackers
A malicious npm package named mouse5212-super-formatter, identified by OX Security, operates as an AI-generated infostealer that recursively scans the /mnt/user-data directory, base64-encodes discovered files, and uploads them to attacker-controlled GitHub repositories via the Contents API. The operator mistakenly hardcoded a private GitHub token, allowing researchers to observe roughly seven active exfiltration events and trace attacker infrastructure; the package remains live on npm with all versions affected. Immediate remediation is recommended: revoke tokens, audit exposed systems, and monitor for automated GitHub uploads.
