Fake OpenClaw installers spread malware

Published by The Daily Scout

What happened

Malicious npm packages posing as OpenClaw installers deployed credential stealers and malware, some linked to ransomware groups.

Why it matters

The malicious package, named "@openclaw-ai/openclawai," was designed to resemble a legitimate developer utility. Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and developer tokens. The package uses social engineering, including a fake command-line interface with animated progress bars, to trick users into entering their system password. This grants the malware access to the macOS Keychain, which unlocks further credentials and data. The malware installs a Remote Access Trojan (RAT) called GhostLoader, giving attackers control over infected systems. This allows them to execute commands, access files, configure a SOCKS5 proxy, and even clone browser sessions, bypassing multi-factor authentication. The malicious package was uploaded to the npm registry on March 3, 2026, and has been downloaded over 178 times. It's still available for download as of March 9, 2026.
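One way to check a project for the package named above, as an added example that is not part of the original article: the function searches a parsed package.json or package-lock.json for "@openclaw-ai/openclawai", including transitive and nested installs. The sample manifests, the version strings, and the names demo-app and helper-tool are constructed for illustration.

```javascript
// Added example: locate a reported malicious npm package in dependency metadata.
const BAD_PACKAGE = "@openclaw-ai/openclawai"; // package name as given in this article
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Takes a parsed package.json or package-lock.json (lockfile v1, v2 or v3) and
// returns every place the package is declared or installed.
function findPackage(doc, name = BAD_PACKAGE) {
  const hits = [];
  // Lockfile v2/v3: "packages" maps install paths to entries, including
  // transitive and nested installs such as node_modules/a/node_modules/b.
  for (const [path, entry] of Object.entries(doc.packages || {})) {
    if (path === "node_modules/" + name || path.endsWith("/node_modules/" + name)) {
      hits.push({ where: path, version: entry.version });
    }
  }
  // package.json fields (name -> range string) and the lockfile v1
  // "dependencies" tree (name -> { version, dependencies }).
  const walk = (node, trail) => {
    for (const field of DEP_FIELDS) {
      for (const [dep, val] of Object.entries(node[field] || {})) {
        const here = trail + field + "/" + dep;
        const isRange = typeof val === "string";
        if (dep === name) hits.push({ where: here, version: isRange ? val : (val || {}).version });
        if (!isRange && val) walk(val, here + "/");
      }
    }
  };
  walk(doc, "");
  return hits;
}

// Reads a manifest or lockfile from disk (dynamic import works in CJS and ESM).
async function scanFile(file) {
  const { readFileSync } = await import("node:fs");
  return findPackage(JSON.parse(readFileSync(file, "utf8")));
}

// Constructed samples; "demo-app" and "helper-tool" are made-up names.
const samplePkg = { name: "demo-app", devDependencies: { [BAD_PACKAGE]: "latest" } };
const sampleLockV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { "helper-tool": "^1.0.0" } },
  "node_modules/helper-tool": { version: "1.0.2" },
  "node_modules/helper-tool/node_modules/@openclaw-ai/openclawai": { version: "0.0.0-constructed" },
} };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  "helper-tool": { version: "1.0.2", dependencies: { [BAD_PACKAGE]: { version: "0.0.0-constructed" } } },
} };

console.log(findPackage(samplePkg), findPackage(sampleLockV3), findPackage(sampleLockV1));
```

The check covers only what npm recorded for a given project; a one-off global install would not appear in that project's lockfile.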

