GhostClaw attack targets DevOps tools
In the "GhostClaw" campaign, attackers are masquerading as the OpenClaw CLI to distribute a RAT and steal developer credentials via a malicious npm package.
The malicious package, named "openclaw-cli," was found on the npm registry. It's designed to look like a legitimate tool, but it actually installs a remote access trojan (RAT) on the victim's machine. Attackers are after developer credentials and sensitive information, which they can then use to compromise systems further. This type of attack highlights the increasing risk of supply chain vulnerabilities in DevOps environments. The GhostClaw campaign's use of npm demonstrates a shift towards targeting the software development lifecycle directly. DevOps engineers should carefully vet dependencies and use security tools to scan for malicious packages.
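One way to apply the vetting advice above is to audit a project's package-lock.json for the package name reported here. This is an added example, not code from the original article or from any tool it mentions. The install-script check is a general review heuristic and not something the article says about this package, and the sample lockfile, its package names and its versions are constructed.

```javascript
// Package name reported on this page; extend with names from your own advisories.
const DENYLIST = new Set(["openclaw-cli"]);

// Keys in a v2/v3 lockfile's "packages" map are install paths; keep the package name.
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? path : path.slice(i + "node_modules/".length);
}

// Walk a parsed package-lock.json and return entries that need manual review.
function auditLockfile(lock, denylist = DENYLIST) {
  const findings = [];
  const check = (name, meta, where) => {
    if (denylist.has(name)) {
      findings.push({ name, version: meta.version, where, reason: "denylisted" });
    } else if (meta.hasInstallScript) {
      // Heuristic (assumption): install scripts run code during `npm install`.
      findings.push({ name, version: meta.version, where, reason: "install-script" });
    }
  };
  // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== "") check(nameFromPath(path), meta, path);
  }
  // lockfileVersion 1: nested "dependencies" tree, catches transitive installs.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta, trail + name);
      walk(meta.dependencies, trail + name + " > ");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return findings;
}

// Constructed sample lockfile: hypothetical packages, placeholder versions.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-lib": { version: "1.3.0" },
    "node_modules/example-native-addon": { version: "2.0.0", hasInstallScript: true },
    "node_modules/example-build-tool/node_modules/openclaw-cli": { version: "0.0.0" },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

In a CI job, pass the parsed contents of the real package-lock.json to `auditLockfile` and fail the build on any "denylisted" finding.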