A malware dev has committed a magnificent self-own after an AI-coded malicious package leaked its own GitHub private token

We're continually warned about the prospect of AI-generated malware these days, but there is one important factor working in our favour: sometimes, it's kinda rubbish.

Ox Security researchers have discovered an info-stealing malicious npm package called mouse5212-super-formatter, designed to target Claude users. The nasty little blighter reached 676 downloads before being unmasked, after the apparently AI-coded malware leaked its own GitHub private token (via The Registry).

The researchers say the infostealer posed as an internal "archive deployment sync utility", but in reality, it "authenticates to GitHub (using an environment token or a hard-coded fallback), checks whether a target repository exists, creates it if needed, then recursively walks a local directory and uploads every file through the GitHub Contents API."

The malware then stores stolen files under a random per-run folder name, while also writing a fake network connections log to make "execution look like diagnostics rather than theft."

The GitHub private token allowed the researchers to trace the stolen files and analyse the malware, raising suspicions of AI coding involvement. The threat actor's GitHub account linked to the package has since been deleted.

My favourite part? OX Security has put together a handy chart to show how it all works, labelling its type as "Infostealer/Malware-Slop." Damn.

"While threat actors have been leveraging their techniques in recent years, this is a good example showing how some... are using AI to generate malware without understanding basic opsec concepts and best practices," says the company.

"Now that the bar to create malicious code [has been] reduced significantly, we’re going to see more threat actors getting into the game–uploading more sloppy malwares, mostly mimicking APT groups to get a slice of the cake until npm starts automatically blocking malware completely."

Well, this particularly insecure, err, security risk appears to have been neutralised, and we can all rest easy in our beds tonight. Hey, just be glad we're still in the early days of the AI self-owning age. If things keep developing at the current rate, these stories are going to become a lot less fun as the years go on.