An npm-slop package “mouse5212-super-formatter” targeting Claude users and acting as a stealer reached 676 downloads before being removed from the registry - and after making a major vibe coding blunder. The AI-generated malware leaked its own GitHub private token, thus allowing OX Security researchers to trace the stolen files and analyze the malware before issuing this warning: “We’re going to see more threat actors getting into the game – uploading more sloppy malwares, mostly mimicking APT groups to get a slice of the cake until npm starts automatically blocking malware completely.” According to researchers Moshe Siman Tov Bustan and Nir Zadok, the sloppy code writer created their GitHub account earlier this month, just hours before uploading their first malicious version to npm and shortly after testing out the information-stealing capabilities on a “test” repository. The GitHub account was deleted after the attack.…