New vulnerability in open-source repositories uses fake OpenClaw install to attack

Probably better to keep the claw closed.

OpenClaw, the AI assistant that’s become globally popular in recent months, is increasingly being used by attackers as a threat vector. On March 4, cybersecurity platform provider Huntress debuted research showing that threat actors are using open-source repositories for OpenClaw installs to infect systems.

Report author Jai Minton, Huntress senior manager of detection engineering and threat hunting, told IT Brew that the exploit he discovered, which was shut down by GitHub, worked by giving users a false install that instead delivered malware via a packer known as Stealth Packer.

“In OpenClaw, there have been malicious skills files that are out there in the wild at the moment, but this is a separate issue,” Minton said. “Instead of doing that, they’re making their own malware look like the legitimate installers for OpenClaw, or Claude, or whatever the hot tool of the day is.”

Infiltration. Using the open source install, Stealth Packer infiltrates systems and resets firewall protections to allow the GhostSocks malware to route traffic through user systems, evading anti-fraud protections and sidestepping layers of protection like MFA. Packages can also include other malicious code, Minton said.

The attack was helped along by AI-generated search results from Bing, which recommended users utilize the GitHub repository containing the malicious code, leading people to use the infected OpenClaw installs.

More broadly, as IT Brew reported in February, allowing an AI assistant like OpenClaw to control your systems is inherently fraught with danger. Data exposure, prompt injection attacks, and general insecurity are at issue, as Javed Hasan, CEO of software supply-chain security company Lineaje, told us at the time: “Attackers are taking advantage of this unrestricted assembly of development tools that are then deployed as agents with significant access to enterprises.”

New jack city. A dummy install like the one found by Minton presents a different challenge for cybersecurity experts. Minton explained that new software like OpenClaw already has a lot of people playing catch-up, and they may turn to unproven but legitimate-looking alternate install packages on repositories like GitHub. The person who brought the threat to Huntress’s attention in the first place was a technical user.

If a fellow IT pro is susceptible to this threat, then anyone could be. The best protection, Minton told IT Brew, is to practice care when installing packages and ensure that security is top of mind.

“People generally will get to a point where they might get FOMO, they might want to experiment with this technology—and if they don’t know how to get started, they might just search for it on Google, Bing, whatever search engine they use,” Minton said. “Because of this, they have to be aware of the legitimate sources to pull this software, and they have to double check.”