
Dubbed GhostClaw, the new malware targets cryptocurrency wallets on macOS. Once installed, the fake OpenClaw installer steals private keys, wallet access, and other sensitive data.
The fake package was uploaded by a user named “openclaw-ai” on March 3. It remained in the npm registry for a week and infected 178 developers before it was removed on March 10.
@openclaw-ai/openclawai posed as a legitimate tool for the OpenClaw CLI but instead launched a multi-stage attack.
The malware harvested sensitive data from developers’ machines: cryptocurrency wallets, macOS Keychain passwords, cloud credentials, SSH keys, and AI agent configurations. That haul gives the attackers access to cloud platforms, code repositories, and cryptocurrency funds.
GhostClaw scans the clipboard for cryptographic data every three seconds
The malware polls the clipboard every three seconds to capture cryptographic material: private keys, seed phrases, public keys, and other sensitive data related to cryptocurrency wallets and transactions.
When the developer runs npm install, a hidden lifecycle script drops GhostClaw onto the machine. The package runs an obfuscated setup script on the developer’s device to avoid detection.
A fake OpenClaw CLI installer then appears on screen and prompts the victim for the macOS password through a Keychain-style request. The malware verifies the password with a native system tool, then downloads a second JavaScript payload from a remote command-and-control (C2) server. That payload, GhostLoader, acts as both an information stealer and a remote access tool.
Data theft begins once the second payload has landed; GhostLoader does the heavy lifting. It scans Chromium-based browsers, the macOS Keychain, and the system for stored crypto wallet data, and it keeps monitoring for sensitive cryptographic material almost continuously.
The malware also clones browser sessions, giving the attackers direct access to logged-in cryptocurrency wallets and related services. It further steals the API tokens that connect developers to AI platforms such as OpenAI and Anthropic.
The stolen data is exfiltrated via Telegram, GoFile, and the attackers’ command servers. The malware can also run arbitrary commands, deploy additional payloads, and open new remote access channels.
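The chain above starts with an npm lifecycle hook, which is the one point a developer can inspect before anything runs. The script below is an added example, not code from the article, from OpenClaw, or from the malware: it reads a package.json-style manifest, lists the install-time hooks, and flags traits commonly abused by malicious install scripts. The heuristic patterns and the sample manifests (including the placeholder package names) are assumptions constructed for illustration, not indicators taken from the GhostClaw package.

```javascript
// Added example (not from the article, OpenClaw, or the malware): audit a package's
// npm lifecycle scripts before installing it. The fake package described above relied
// on a hidden install script to drop its first stage, so these hooks are where a manual
// review should start. Sample manifests below are constructed for illustration.
"use strict";

// npm hooks that run automatically during install/uninstall, with no action beyond `npm install`.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare", "preuninstall", "postuninstall"];

// Heuristics: traits commonly seen in malicious install hooks (assumed patterns,
// not a signature for GhostClaw specifically).
const SUSPICIOUS = [
  { name: "remote fetch", re: /\b(curl|wget)\b|\bfetch\(|https?:\/\//i },
  { name: "embedded or decoded payload", re: /base64|atob\(/i },
  { name: "dynamic code or shell execution", re: /\beval\(|new Function\(|child_process|execSync|spawn\(/i },
  { name: "password prompt or keychain access", re: /\bosascript\b|\bsecurity\b|\bdscl\b/i },
  { name: "hidden dotfile script", re: /(^|[\/\s])\.[\w-]+\.(c?js|mjs|sh)\b/ },
];

// Returns one finding per lifecycle hook present, with the names of the heuristics that matched.
function auditLifecycleScripts(manifest) {
  const scripts = manifest.scripts || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] !== "string") continue;
    const command = scripts[hook];
    const reasons = SUSPICIOUS.filter((p) => p.re.test(command)).map((p) => p.name);
    findings.push({ hook, command, reasons });
  }
  return findings;
}

// "clean": no install-time hooks at all; "review": hooks exist but nothing matched
// (native addons legitimately build in install hooks); "suspicious": a heuristic fired.
function verdict(findings) {
  if (findings.length === 0) return "clean";
  return findings.some((f) => f.reasons.length > 0) ? "suspicious" : "review";
}

// Constructed manifest mimicking the pattern in the article: an innocuous-looking CLI
// whose postinstall hook runs a hidden setup script. The package name is a placeholder.
const SAMPLE_MALICIOUS = {
  name: "@example-scope/example-cli",
  version: "1.0.0",
  bin: { "example-cli": "bin/cli.js" },
  scripts: {
    postinstall: "node ./.setup.js",
    test: "echo ok",
  },
};

// Constructed benign manifest: a build-time prepare hook, no network or shell tricks.
const SAMPLE_BENIGN = {
  name: "@example-scope/typed-lib",
  version: "2.3.1",
  scripts: { prepare: "tsc -p .", test: "node --test" },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const m of [SAMPLE_MALICIOUS, SAMPLE_BENIGN]) {
    const findings = auditLifecycleScripts(m);
    console.log(m.name, "->", verdict(findings), JSON.stringify(findings));
  }
}
```

In practice, pull the manifest of a package you have not installed yet with `npm view <package> scripts` (or unpack the tarball from `npm pack`) and run the audit on that, and install with `npm install --ignore-scripts` so nothing executes until you have read the hooks. A "review" verdict is not a conviction; many legitimate native packages compile in an install hook.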
A second malicious campaign riding the OpenClaw hype spread on GitHub. Discovered by researchers at OX Security, it contacts developers directly in order to steal cryptocurrency.
Attackers create threads in GitHub repositories and tag potential victims, falsely claiming that the selected developers are eligible for $5,000 in CLAW tokens.
The messages direct recipients to a fake website that mimics openclaw(.)ai. The phishing site requests a connection to the victim’s crypto wallet and, once the victim accepts, initiates malicious actions. Connecting a wallet to the site could lead to immediate theft of funds, OX Security researchers warn.
Further analysis shows that the phishing setup redirects to token-claw(.)xyz and uses a command server at watery-compost(.)today. A JavaScript file containing the malicious code harvests crypto wallet addresses and transactions and sends them to the attacker.
OX Security also identified a wallet address associated with the threat actor that may hold stolen cryptocurrency. The malicious code monitors user actions and clears data from the browser’s local storage, which makes detection and analysis harder.
Attackers will likely target users who have interacted with OpenClaw-related repositories to increase their chances of stealing cryptocurrency.
Both attacks rely on social engineering to reach victims’ cryptocurrency wallets. Users should not connect wallets to unknown sites and should be wary of unsolicited token offers on GitHub, and developers should check a package’s publisher and install scripts before running npm install.