OpenClaw skills delivering infostealer malware to macOS and Windows systems
Malware Activity
Summary
Researchers identified 386 malicious OpenClaw skills that pose an active infostealer risk to macOS and Windows users. The skills impersonate crypto-trading automation add-ons for ByBit, Polymarket, Axiom, Reddit and LinkedIn, then use social engineering to get users to run malicious commands. The operation is significant because it steals exchange API keys, wallet private keys, SSH credentials and browser passwords through a shared C2 server at 91.92.242.30.
Related Happenings
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
Vulnerability
First: 15.05.2026 16:35
Last: 15.05.2026 16:35
Sources 1
About this happening:
Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
Ceros by Beyond Identity AI Trust Layer for Claude Code
Security Tool/Service
First: 19.03.2026 12:58
Last: 19.03.2026 12:58
Sources 1
About this happening:
Beyond Identity introduced **Ceros** to give security teams visibility and control over **Claude Code** activity on developer machines. The platform enforces **runtime policies**...
Chinese authorities restrict OpenClaw office use
Public Sector Action
First: 14.03.2026 18:17
Last: 14.03.2026 18:17
Sources 1
About this happening:
Chinese authorities **restricted OpenClaw AI apps** on **office computers** used by **state-run enterprises** and **government agencies** to contain **security risks**. The ban al...
OpenClaw hardening guidance (CNCERT)
Advisory/Mitigation
First: 14.03.2026 18:17
Last: 14.03.2026 18:17
Sources 1
About this happening:
China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...
Timeline
- 03.02.2026 18:30 · 2 articles · 3mo ago
OpenClaw malicious skill campaign disclosed
Initial Disclosure
Security researcher Paul McCarty (6mile) disclosed 386 malicious ClawHub skills for OpenClaw that masquerade as cryptocurrency trading automation tools for ByBit, Polymarket, Axiom, Reddit and LinkedIn, then trick users into executing commands that install infostealer malware on macOS and Windows and steal API keys, wallet private keys, SSH credentials and browser passwords.
- Hundreds of Malicious Crypto Trading Addons Found in Moltbot/OpenClaw — www.infosecurity-magazine.com — 03.02.2026 18:30