ClawHavoc malicious skills campaign targeting OpenClaw users via ClawHub
Campaign
Summary
Hide ▲
Show ▼
The ClawHavoc campaign continues to abuse ClawHub and the OpenClaw ecosystem to distribute infostealer malware through malicious skills. New reporting says the operation now includes 386 malicious skills that pose as cryptocurrency trading automation tools and borrow brand names such as ByBit, Polymarket, Axiom, Reddit and LinkedIn to encourage installs. The skills target macOS and Windows users and rely on social engineering to get victims to run commands that steal exchange API keys, wallet private keys, SSH credentials and browser passwords. The activity uses shared C2 infrastructure 91.92.242.30, and the most popular malicious publisher, hightower6eu, accounted for almost 7000 downloads.
Related Happenings
JetBrains Marketplace malicious plugins exfiltrating AI provider keys
Malware Activity
H score12
First: 17.06.2026 12:38
Last: 17.06.2026 12:38
Sources 1
About this happening:
A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...
JetBrains Marketplace malicious plugins exfiltrating AI provider keys
Malware ActivityAbout this happening: A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...
TikTok and Instagram Reels Vidar social-engineering campaign
Campaign
H score37
First: 10.06.2026 19:00
Last: 10.06.2026 19:00
Sources 1
About this happening:
A **TikTok** and **Instagram Reels** campaign is using fake free-software tutorials to push **Vidar**, turning social feeds into a high-reach malware delivery channel. The operati...
TikTok and Instagram Reels Vidar social-engineering campaign
CampaignAbout this happening: A **TikTok** and **Instagram Reels** campaign is using fake free-software tutorials to push **Vidar**, turning social feeds into a high-reach malware delivery channel. The operati...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
Vulnerability
H score31
First: 15.05.2026 16:35
Last: 15.05.2026 16:35
Sources 1
About this happening:
Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
VulnerabilityAbout this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
H score58
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceAbout this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 03.06.2026 14:00
President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.
CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign
Campaign
H score32
First: 09.03.2026 14:05
Last: 09.03.2026 14:05
Sources 1
About this happening:
The **CL-UNK-1068** espionage campaign is active across **Asia**, putting **aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications** or...
CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign
CampaignAbout this happening: The **CL-UNK-1068** espionage campaign is active across **Asia**, putting **aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications** or...
Timeline
-
02.02.2026 19:49 4 articles · 5mo ago
Koi Security discloses ClawHavoc malicious ClawHub skills
Initial DisclosureKoi Security disclosed that a security audit of 2,857 ClawHub skills found 341 malicious skills across multiple campaigns targeting OpenClaw users, including a ClawHavoc set of 335 skills that used fake prerequisites to push Atomic Stealer (AMOS) on Windows and macOS. The malicious listings used typosquatted ClawHub-style names, staged downloads such as openclaw-agent.zip and glot[.]io scripts, and shared 91.92.242[.]30 infrastructure; some skills also hid reverse shells or exfiltrated credentials from ~/.clawdbot/.env to webhook[.]site.
Show sources
- Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users — thehackernews.com — 02.02.2026 19:49
- Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users — thehackernews.com — 02.02.2026 19:49
- Hundreds of Malicious Crypto Trading Addons Found in Moltbot/OpenClaw — www.infosecurity-magazine.com — 03.02.2026 18:30
- AMOS infostealer targets macOS through a popular AI app — www.bleepingcomputer.com — 12.02.2026 16:25