The Human Error Behind the Machine: Analyzing the mouse5212-super-formatter npm Infostealer
A recent discovery in the open-source ecosystem has provided a rare “behind-the-curtain” look at modern supply chain attacks. A malicious npm package, identified as mouse5212-super-formatter, has drawn significant scrutiny from the cybersecurity community—not just for its malicious intent, but for a massive operational blunder: the inadvertent exposure of the attacker’s own private GitHub token.
Researchers at OX Security identified the package as a sophisticated infostealer. While it masquerades as a legitimate development utility designed for “archive deployment sync,” its underlying logic is engineered to silently exfiltrate sensitive local data to an attacker-controlled repository.
Technical Deep Dive: How the Malware Operates
The malware employs a classic “Trojan Horse” strategy. On the surface, the package appears to perform benign tasks, such as validating GitHub repositories and collecting basic network diagnostics. However, the actual payload triggers during the post-installation phase, executing a sequence of highly invasive maneuvers.
Upon execution, the script attempts to authenticate with GitHub. It utilizes a multi-layered approach for authentication, first checking for an existing environment token and then falling back to a hardcoded token embedded directly within the source code. Once authenticated, the malware performs the following lifecycle:
- Target Discovery: It checks for the existence of a remote repository and creates one if necessary to serve as a data drop.
- Recursive Scanning: The malware performs a recursive scan of the local directory path
/mnt/user-data. This specific pathing suggests a targeted interest in containerized environments, cloud workloads, or Linux-based development servers where such directories are common. - Data Exfiltration: Every file discovered during the scan is encoded using Base64. The encoded strings are then uploaded to the attacker’s repository via the GitHub Contents API.
- Evasion Tactics: To evade detection by automated monitoring tools and casual human inspection, the malware generates fake diagnostic logs labeled as “network connections.” Furthermore, the code comments and commit messages are intentionally generic, a hallmark of AI-generated code designed to bypass pattern-based detection.
To maintain organizational efficiency, the malware generates unique folder structures for each execution session, allowing the threat actor to manage and parse multiple victim datasets without overlap.
The Fatal Flaw: A Lesson in Operational Security (OPSEC)
In a twist that provides a windfall for forensic analysts, the attacker failed to implement basic security hygiene. By hardcoding a private GitHub token into the malware, the threat actor essentially handed researchers the keys to their infrastructure.
This oversight allowed OX Security to trace activity directly to the attacker’s repository. Researchers were able to observe approximately seven active exfiltration events before the attacker realized the mistake. Most of these appeared to be “test runs” conducted in a repository labeled “test,” where the attacker left behind a trail of commit timestamps and activity logs.
The timeline of the attack also reveals a high degree of automation: the GitHub account used in the campaign was registered only hours before the malicious package was published to the npm registry. While the attacker deleted the GitHub account shortly after the discovery, the npm package remained live long enough to reach 676 downloads.
Threat Summary
| Metric | Details |
|---|---|
| Package Name | mouse5212-super-formatter |
| Affected Versions | All versions |
| Primary Target Path | /mnt/user-data |
| Exfiltration Method | Base64 encoding via GitHub Contents API |
Remediation and Defensive Recommendations
If your environment has utilized this package or contains sensitive data within the targeted directories, immediate action is required. We recommend the following steps:
- Revoke Credentials: Any GitHub access tokens or environment variables present on systems where this package was installed must be considered compromised and revoked immediately.
- Audit Directory Content: Perform a forensic audit of the
/mnt/user-datadirectory to determine if sensitive files were accessed or exfiltrated. - Monitor Repository Activity: Watch for unusual spikes in outbound traffic to GitHub API endpoints or the creation of unexpected repositories in your cloud environment.
- Implement Software Composition Analysis (SCA): Utilize SCA tools to scan your dependency trees for known malicious packages and enforce strict version pinning.
The Rise of AI-Assisted Malware
This incident highlights a shifting paradigm in the threat landscape. As attackers leverage generative AI to produce code more rapidly, the “barrier to entry” for creating malware is plummeting. While this allows for the quick deployment of new threats, it also leads to a higher frequency of “rookie mistakes”—such as the inclusion of hardcoded credentials—that defenders can exploit.
As AI-assisted malware becomes a standard tool for threat actors, security teams must transition toward continuous monitoring of open-source ecosystems and more rigorous validation mechanisms for third-party dependencies.