A new malware dubbed GhostClaw is targeting crypto wallets on macOS machines. The fake OpenClaw installer captures private keys, wallet access, and other sensitive data after installation. The fake package was uploaded by a user named ‘openclaw-ai’ on March 3. It remained on the npm registry for a week and infected 178 developers before removal on March 10. @openclaw-ai/openclawai posed as a legitimate OpenClaw CLI tool but instead ran a multi-stage attack. The malware collected sensitive data from developers. It extracted crypto wallets, macOS Keychain passwords, cloud credentials, SSH keys, and AI agent configs. The extracted data connects hackers to cloud platforms, codebases, and crypto. GhostClaw scans the clipboard for crypto data every three seconds The malware monitors the clipboard every three seconds to capture crypto data. This includes private keys, seed phrases, public keys, and other sensitive data related to crypto wallets and transactions. Once the developer runs the ‘npm install’ command, a hidden script installs the GhostClaw package globally. The tool runs an obfuscated setup file on developers’ machines to avoid detection. A fake OpenClaw CLI installer then appears on the screen. It prompts the victim to enter their macOS password through a Keychain request. The malware verifies the password using a native system tool. After that, it downloads a second JavaScript payload from a remote C2 server. The payload, called GhostLoader, acts as a data stealer and remote access tool. Data theft begins after the second payload download. GhostLoader does the heavy work. It scans Chromium browsers, Macintosh operating system (macOS) Keychain, and system storage for crypto wallet data. It also monitors the clipboard almost continuously to capture sensitive crypto data. The malware even clones browser sessions. This gives hackers direct access to logged-in crypto wallets and other related services. Moreover, the malicious tool steals API tokens that connect devs to AI platforms like OpenAI and Anthropic. The stolen data is then sent to threat actors via Telegram, GoFile, and command servers. The malware can also run numerous commands, deploy more payloads, and open new remote access channels. OpenClaw community hit with fake CLAW tokens airdrop Another malicious campaign that relies on OpenClaw’s hype spread on GitHub. The malware, which was discovered by cybersecurity researchers from OX Security, aims to contact devs directly and steal crypto data. Attackers create issue-threads in GitHub repositories and tag potential victims. Then they falsely state that chosen devs are eligible to receive $5,000 in CLAW tokens. The messages then lead recipient devs to a fake website that looks exactly like openclaw[.]ai. The phishing website sends a crypto wallet connection request that starts harmful actions when accepted by the victim. Linking a wallet to the site can lead to instant theft of crypto funds, warns OX Security researchers. Further analysis of the attack reveals that the phishing setup uses a redirect chain to token-claw[.]xyz and a command server at watery-compost[.]today. A JavaScript file with malicious code then steals crypto wallet addresses and transactions and sends them to the hacker. OX Security found a wallet address tied to the threat actor that might hold stolen crypto. The malicious code has features to monitor user actions and remove data from local storage. This makes malware detection and analysis harder. The attackers likely focus on users who have interacted with OpenClaw related repositories to increase their chances of crypto theft. Both attacks rely on social engineering as an entry point to victims’ crypto wallets. Users should not link crypto wallets to unknown sites and should be wary of unsolicited token offers on GitHub. If you're reading this, you’re already ahead. Stay there with our newsletter .
