ClawHavoc malicious skills campaign targeting OpenClaw users via ClawHub

Campaign
H score: 39 (3 unique sources, 3 articles)

Summary

The ClawHavoc campaign continues to abuse ClawHub and the OpenClaw ecosystem to distribute infostealer malware through malicious skills. New reporting says the operation now includes 386 malicious skills that pose as cryptocurrency trading automation tools and borrow brand names such as ByBit, Polymarket, Axiom, Reddit and LinkedIn to encourage installs. The skills target macOS and Windows users and rely on social engineering to get victims to run commands that steal exchange API keys, wallet private keys, SSH credentials and browser passwords. The activity uses shared C2 infrastructure at 91.92.242[.]30, and the most popular malicious publisher, hightower6eu, accounted for almost 7000 downloads.

Related Happenings

OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)

Vulnerability
First: 15.05.2026 16:35 Last: 15.05.2026 16:35 Sources 1

About this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
First: 08.04.2026 12:16 Last: 08.04.2026 12:16 Sources 1

About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...

Latest development: 23.05.2026 14:55

Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.

CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign

Campaign
First: 09.03.2026 14:05 Last: 09.03.2026 14:05 Sources 1

About this happening: The **CL-UNK-1068** espionage campaign is active across **Asia**, putting **aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications** or...

Russian-speaking threat actor campaign expands across multiple victims

Campaign
First: 09.03.2026 01:35 Last: 09.03.2026 01:35 Sources 1

About this happening: A **Russian-speaking threat actor** ran an **AI-augmented campaign** against **FortiGate security appliances**, using **multiple commercial AI services** to scale compromise attem...

ClawHub malicious skills deliver Atomic Stealer

Malware Activity
First: 28.02.2026 19:21 Last: 28.02.2026 19:21 Sources 1

About this happening: Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...

Timeline

  1. 02.02.2026 19:49 4 articles · 3mo ago

    Koi Security discloses ClawHavoc malicious ClawHub skills

    Initial Disclosure

    Koi Security disclosed that a security audit of 2,857 ClawHub skills found 341 malicious skills across multiple campaigns targeting OpenClaw users, including a ClawHavoc set of 335 skills that used fake prerequisites to push Atomic Stealer (AMOS) on Windows and macOS. The malicious listings used typosquatted ClawHub-style names, staged downloads such as openclaw-agent.zip and glot[.]io scripts, and shared 91.92.242[.]30 infrastructure; some skills also hid reverse shells or exfiltrated credentials from ~/.clawdbot/.env to webhook[.]site.