#postinstall-malware

[ follow ]
#npm-supply-chain #information-stealing #github-exfiltration #anthropic-claude-mntuser-data
Information security
fromThe Hacker News
2 days ago

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

A malicious npm package steals local files from /mnt/user-data and uploads them to an attacker-controlled GitHub repository during postinstall.
[ Load more ]