Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token
OX Security detected and reported a malicious npm package containing the threat actor’s hardcoded private GitHub token. The package is infostealer malware that exfiltrates files from the victim’s machine.
Breaking News: OX Security researchers have discovered mouse5212-super-formatter, a malicious npm package acting as an infostealer. This npm malware notably leaked its own GitHub private token, allowing researchers to trace the exfiltration of files.
Overview
A malicious npm package reads files from “/mnt/user-data” and uploads them to GitHub.
OX Security observed around 7 active exfiltrations in the threat actor’s GitHub repository before it was taken down; most of them were probably tests conducted by the threat actor.
The malware reached 676 downloads and is still live on npm (at the time of publishing).
Recommended Actions
If you installed the malicious package, take these immediate actions:
Revoke your GitHub access tokens
Check for sensitive files in the “/mnt/user-data” directory, and treat them as compromised.
Technical Analysis
Our analysis shows that the script presents itself as an internal “archive deployment sync” utility that validates or initializes a GitHub repository, captures a lightweight “network status” snapshot, and then performs a structured synchronization of local workspace files into a remote tracking tree.
In reality, during the post-install stage, it authenticates to GitHub (using an environment token or a hardcoded fallback), checks whether a target repository exists, creates it if needed, then recursively walks a local directory and uploads every file through the GitHub Contents API.
It stores the stolen files under a random per-run folder name, which helps the operator separate multiple theft sessions. It also writes a fake “network connections” log to make execution look like diagnostics rather than theft.
The wording in comments and commit messages is intentionally bland and technical to reduce suspicion, but the operational behavior is unauthorized collection and remote transfer of local data.
The token lookup and the hardcoded fallback:
The hardcoded remote destination and the local collection path:
A request wrapper around the GitHub API is used for the create, check and upload calls:
Recursive file discovery is performed with:
The exfiltration primitive base64-encodes file contents before upload:
Threat Actor Analysis
During our research, we found that the threat actor’s account was created a few hours before the first malicious version was uploaded to npm; by then the threat actor had already tested the malicious capabilities on the “test” repository:
Some of the commits and timestamps from the actor’s GitHub repository:
The threat actor’s GitHub account was deleted after the attack.
The npm package is still on npm at the time of publishing this article; you can view it here.
Affected Packages
Package name | Affected versions
mouse5212-super-formatter | All
Conclusions
While threat actors have been refining their techniques in recent years, this is a good example of how some of them are using AI to generate malware without understanding basic opsec concepts and best practices. Now that the bar for creating malicious code has been lowered significantly, we are going to see more threat actors getting into the game, uploading more sloppy malware, mostly mimicking APT groups to get a slice of the cake, until npm starts automatically blocking malware completely.
The post Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token appeared first on OX Security.