Cybersecurity researchers have identified a significant case of information-stealing malware, linked to the Vidar family, that successfully exfiltrated sensitive data from the OpenClaw configuration environment. This infostealer marks a shift in tactics, moving beyond traditional browser credential theft to targeting personal AI agent data. Key files exfiltrated include openclaw.json, which contains gateway tokens and victim email addresses; device.json, which holds cryptographic keys; and soul.md, which details the AI agent’s operational instructions. The theft of authentication tokens poses severe risk because it allows attackers to remotely access the victim’s OpenClaw instance. The increasing integration of AI agents into everyday workflows makes them a growing target for infostealer developers. Concerns have also arisen regarding unremovable AI agent accounts on Moltbook and numerous exposed OpenClaw instances that leave users vulnerable to remote code execution (RCE) exploits. As OpenClaw gains popularity, these security issues underscore the urgent need for robust threat detection and mitigation strategies.
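A defender reading this will first want to know whether the three files the report names are sitting readable on disk and which fields in them carry credentials that need rotating. The script below is an added example, not code from the article or from the OpenClaw project: it audits a config directory for openclaw.json, device.json and soul.md, flags any that are group- or world-readable, and lists JSON keys that look like tokens or keys. The directory layout, the JSON field names and the key-name heuristics are assumptions for illustration; the sample tree it builds is constructed, not real data.

```python
"""Audit an OpenClaw-style agent config directory for the files the report
names (openclaw.json, device.json, soul.md): flag loose permissions and
token-bearing keys so they can be locked down and the tokens rotated.

Added example; the directory layout and JSON field names are assumptions,
not OpenClaw's documented format."""
import json
import stat
import tempfile
from pathlib import Path

# File names taken from the report; what they contain is described there.
SENSITIVE_FILES = {"openclaw.json", "device.json", "soul.md"}
# Key-name fragments that usually mark a credential (heuristic, not a spec).
SECRET_KEY_HINTS = ("token", "secret", "key", "password")


def loose_mode(path: Path) -> bool:
    """True if group or others can read the file (POSIX mode bits)."""
    mode = stat.S_IMODE(path.stat().st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def secret_keys(path: Path) -> list[str]:
    """Return dotted paths of JSON keys that look like credentials."""
    if path.suffix != ".json":
        return []
    try:
        data = json.loads(path.read_text())
    except (ValueError, OSError):
        return []
    found: list[str] = []

    def walk(obj, prefix=""):
        if isinstance(obj, dict):
            for k, v in obj.items():
                full = f"{prefix}{k}"
                if any(h in k.lower() for h in SECRET_KEY_HINTS) and isinstance(v, str) and v:
                    found.append(full)
                walk(v, full + ".")
        elif isinstance(obj, list):
            for i, v in enumerate(obj):
                walk(v, f"{prefix}{i}.")

    walk(data)
    return found


def audit(config_dir) -> dict[str, dict]:
    """Map each sensitive file found under config_dir to its findings."""
    report = {}
    for path in Path(config_dir).rglob("*"):
        if path.is_file() and path.name in SENSITIVE_FILES:
            report[path.name] = {
                "world_or_group_readable": loose_mode(path),
                "secret_keys": secret_keys(path),
            }
    return report


def build_sample_dir() -> str:
    """Constructed sample config tree for demonstration only (not real data)."""
    d = tempfile.mkdtemp(prefix="openclaw-audit-")
    cfg = Path(d) / "openclaw.json"
    cfg.write_text(json.dumps({"gateway": {"token": "EXAMPLE-GATEWAY-TOKEN"},
                               "email": "user@example.invalid"}))
    cfg.chmod(0o644)  # deliberately loose: the finding we want to surface
    dev = Path(d) / "device.json"
    dev.write_text(json.dumps({"device_id": "dev-0001",
                               "private_key": "EXAMPLE-KEY-MATERIAL"}))
    dev.chmod(0o600)  # owner-only, as it should be
    soul = Path(d) / "soul.md"
    soul.write_text("# agent instructions (constructed placeholder)\n")
    soul.chmod(0o644)
    return d


if __name__ == "__main__":
    for name, findings in audit(build_sample_dir()).items():
        print(name, findings)
```

Run it against the real config directory instead of the sample tree; any file reported as group- or world-readable should be tightened to owner-only, and any gateway token flagged under `secret_keys` should be treated as exposed and rotated if the host has run a suspicious binary, since the report's point is that possession of that token alone grants remote access to the instance.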
