Bob P2P agent-to-agent crypto scam campaign
Campaign
Summary
Hide ▲
Show ▼
The Bob P2P operation is an ongoing agent-to-agent crypto scam that can expose Solana wallet private keys and trigger unauthorized transactions and payment redirection. The campaign uses 26medias and BobVonNeumann personas to push a fake decentralized API marketplace skill through Clawhub and Moltbook. Its significance is that it exploits trust between autonomous agents, allowing compromise to spread without further human interaction.
Related Happenings
ClawHub malicious skills deliver Atomic Stealer
Malware Activity
First: 28.02.2026 19:21
Last: 28.02.2026 19:21
Sources 1
About this happening:
Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...
ClawHub malicious skills deliver Atomic Stealer
Malware ActivityAbout this happening: Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...
Atomic MacOS Stealer (AMOS) distribution through AI-app lures, SEO poisoning, and supply-chain abuse
Malware Activity
First: 12.02.2026 16:25
Last: 12.02.2026 16:25
Sources 1
About this happening:
**Atomic MacOS Stealer (AMOS)** is being distributed to **macOS users** through multiple delivery paths, including **fraudulent GitHub repositories**, **SEO poisoning**, **malvert...
Atomic MacOS Stealer (AMOS) distribution through AI-app lures, SEO poisoning, and supply-chain abuse
Malware ActivityAbout this happening: **Atomic MacOS Stealer (AMOS)** is being distributed to **macOS users** through multiple delivery paths, including **fraudulent GitHub repositories**, **SEO poisoning**, **malvert...
VirusTotal Code Insight scanning for OpenClaw ClawHub skills
Security Tool/Service
First: 08.02.2026 09:32
Last: 08.02.2026 09:32
Sources 1
About this happening:
**OpenClaw** has added **VirusTotal Code Insight** scanning for **ClawHub** skill uploads, changing how new skills are vetted before publication. **Benign** bundles are approved a...
VirusTotal Code Insight scanning for OpenClaw ClawHub skills
Security Tool/ServiceAbout this happening: **OpenClaw** has added **VirusTotal Code Insight** scanning for **ClawHub** skill uploads, changing how new skills are vetted before publication. **Benign** bundles are approved a...
OpenClaw skills delivering infostealer malware to macOS and Windows systems
Malware Activity
First: 03.02.2026 18:30
Last: 03.02.2026 18:30
Sources 1
About this happening:
Researchers identified **386 malicious OpenClaw skills** that pose an active infostealer risk to **macOS** and **Windows** users. The skills impersonate crypto-trading automation...
OpenClaw skills delivering infostealer malware to macOS and Windows systems
Malware ActivityAbout this happening: Researchers identified **386 malicious OpenClaw skills** that pose an active infostealer risk to **macOS** and **Windows** users. The skills impersonate crypto-trading automation...
ClawHavoc malicious skills campaign targeting OpenClaw users via ClawHub
Campaign
First: 02.02.2026 19:49
Last: 02.02.2026 19:49
Sources 1
About this happening:
The **ClawHavoc** campaign continues to abuse **ClawHub** and the **OpenClaw** ecosystem to distribute **infostealer malware** through malicious skills. New reporting says the ope...
ClawHavoc malicious skills campaign targeting OpenClaw users via ClawHub
CampaignAbout this happening: The **ClawHavoc** campaign continues to abuse **ClawHub** and the **OpenClaw** ecosystem to distribute **infostealer malware** through malicious skills. New reporting says the ope...
Timeline
-
23.02.2026 14:30 2 articles · 3mo ago
Bob P2P agent-to-agent crypto scam analysis
Technical Analysis UpdateStraiker analyzed 3,505 Claude Skills on Clawhub and identified an active agent-to-agent attack chain operated by 26medias and BobVonNeumann across Clawhub, Moltbook, and Twitter. The malicious skill bob-p2p posed as a decentralized API marketplace while instructing agents to store Solana wallet private keys in plaintext, buy worthless $BOB tokens, and route payments through attacker-controlled infrastructure, creating unauthorized transactions and payment redirection for human wallet owners behind compromised agents.
Show sources
- Autonomous AI Agents Provide New Class of Supply Chain Attack — www.securityweek.com — 23.02.2026 14:30
- Autonomous AI Agents Provide New Class of Supply Chain Attack — www.securityweek.com — 23.02.2026 14:30