How a Fake Software Tool Was Used to Secretly Steal Files From AI Users
Cybersecurity researchers recently found a harmful software package on npm, a popular package registry developers use to download coding tools. The package pretended to be a normal tool, but it was actually designed to secretly steal files from people using Anthropic’s Claude AI platform.
The fake package looked harmless and claimed to help organize and sync files. Behind the scenes, though, it quietly connected to GitHub, a website where people store code and projects online. The malware then created hidden online folders controlled by the attacker and uploaded files from the victim’s computer without their knowledge.
The stolen files came from a folder connected to Claude AI, which may contain uploaded documents, work files, or other private information. To avoid being detected, the malware also created fake activity logs to make it look like the program was doing normal technical tasks instead of stealing data.
Researchers said the package had already been downloaded hundreds of times before it was discovered. The attacker’s GitHub account was eventually removed, but investigators noticed several mistakes in how the malware was made. Because of these errors, experts believe the attacker may have used artificial intelligence tools to help create the malware.
Security experts say this is part of a growing trend where criminals use AI to create malicious software more quickly and easily. Even though some of these attacks are poorly made, they can still be dangerous because they target widely used online platforms and tools.







