OpenClaw, an advanced AI agent, has been exploited by scammers who created fake installers, leading to malware infections. Users searching for “OpenClaw Windows” on Bing were misdirected to a malicious GitHub repository, showcasing how quickly cybercriminals can leverage generative technologies for fraud. Between February 2 and 10, 2023, the harmful repositories delivered information stealers and GhostSocks, using GitHub’s trustworthiness to gain credibility. The phony installers, linked to an “openclaw-installer” organization, went viral due to Bing’s AI suggestions. Researchers from Huntress found that one user downloaded the installer, resulting in the deployment of multiple malware types, including a Rust-written Vidar stealer and proxy malware. The attackers utilized stealth packer technology to conceal malicious functions. With several similar scams circulating, users are advised to run AI agents in isolated environments, limit data access, and avoid assigning privileged credentials. This incident highlights the critical need for cybersecurity awareness in the rapidly evolving AI landscape.
Source link
