"This step involves instructions for both Windows and macOS systems: On Windows, users are asked to download a file called "openclaw-agent.zip" from a GitHub repository. On macOS, the documentation tells them to copy an installation script hosted at glot[.]io and paste it into the Terminal app. Present within the password-protected archive is a trojan with keylogging functionality to capture API keys, credentials, and other sensitive data on the machine, including those that the bot already has access to."
"The analysis, which Koi conducted with the help of an OpenClaw bot named Alex, found that 335 skills use fake pre-requisites to install an Apple macOS stealer named Atomic Stealer (AMOS). This set has been codenamed ClawHavoc. "You install what looks like a legitimate skill - maybe solana-wallet-tracker or youtube-summarize-pro," Koi researcher Oren Yomtov said. "The skill's documentation looks professional. But there's a 'Prerequisites' section that says you need to install something first.""
An audit of 2,857 ClawHub skills identified 341 malicious skills across multiple campaigns, creating new supply-chain risks for OpenClaw users. One campaign, codenamed ClawHavoc, involves 335 skills that use fake prerequisites to trick users into installing an Apple macOS stealer called Atomic Stealer (AMOS). Attack instructions direct Windows users to download an "openclaw-agent.zip" and macOS users to paste a glot[.]io installation script. The zip contains a trojan with keylogging to capture API keys, credentials, and other sensitive data. The glot[.]io script fetches additional payloads from attacker infrastructure, ultimately retrieving a Mach-O binary consistent with Atomic Stealer.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]