OpenClaw-targeting infostealer file-grabbing activity
Malware Activity
Summary
Hide ▲
Show ▼
The infostealer’s first live attack against OpenClaw now matters because it used a broad file-grabbing routine to collect secrets, tokens, keys, and assistant context from local instances. The malware pulled openclaw.json and device.json, exposing the victim’s email address, workspace path, and gateway token. It also captured pairing keys and memory files that could enable remote access, impersonation, and deeper compromise of the user’s AI environment.
Related Happenings
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
Vulnerability
H score31
First: 15.05.2026 16:35
Last: 15.05.2026 16:35
Sources 1
About this happening:
Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
VulnerabilityAbout this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
GhostLoader RAT-stealer via @openclaw-ai/openclawai
Malware Activity
H score30
First: 09.03.2026 20:31
Last: 09.03.2026 20:31
Sources 1
About this happening:
A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...
GhostLoader RAT-stealer via @openclaw-ai/openclawai
Malware ActivityAbout this happening: A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...
OpenClaw ClawJacked localhost WebSocket brute-force security flaw
Vulnerability
H score37
First: 01.03.2026 23:44
Last: 01.03.2026 23:44
Sources 1
About this happening:
**OpenClaw**’s **ClawJacked** vulnerability allowed a **malicious website** to brute-force a **localhost WebSocket** connection and take control of a local instance, putting **ses...
OpenClaw ClawJacked localhost WebSocket brute-force security flaw
VulnerabilityAbout this happening: **OpenClaw**’s **ClawJacked** vulnerability allowed a **malicious website** to brute-force a **localhost WebSocket** connection and take control of a local instance, putting **ses...
ClawHub malicious skills deliver Atomic Stealer
Malware Activity
H score29
First: 28.02.2026 19:21
Last: 28.02.2026 19:21
Sources 1
About this happening:
Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...
ClawHub malicious skills deliver Atomic Stealer
Malware ActivityAbout this happening: Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...
Timeline
-
17.02.2026 11:35 2 articles · 4mo ago
First live OpenClaw infostealer attack disclosure
Initial DisclosureHudson Rock reported that researchers witnessed the first live attack targeting an OpenClaw configuration environment and said an infostealer used a broad file-grabbing routine to sweep for sensitive file extensions and directories such as .openclaw. The analysis said the malware collected openclaw.json, device.json, soul.md, agents.md, and memory.md from a local OpenClaw instance user, exposing the victim’s email address, workspace path, gateway token, and device private keys with potential for remote access, impersonation, and compromise of paired cloud services.
Show sources
- Infostealer Targets OpenClaw to Loot Victim’s Digital Life — www.infosecurity-magazine.com — 17.02.2026 11:35
- Infostealer Targets OpenClaw to Loot Victim’s Digital Life — www.infosecurity-magazine.com — 17.02.2026 11:35