Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Audit. Show all posts
Windows
Audit ClawHub Cyber Attacks macOS Windows

Experts Find Malicious ClawHub Skills Stealing Data from OpenClaw


Koi Security’s security audit of 2,857 skills on ClawHub found 341 malicious skills via multiple campaigns. Users are exposed to new supply chain threats. 

ClawHub is a marketplace made to help OpenClaw users in finding and installing third-party skills. It is a part of the OpenClaw project, a self-hosted artificial intelligence (AI) assistant aka Moltbot and Clawdbot. 

Koi Security's analysis with OpenClaw bot “Alex” revealed that 335 skills use malicious pre-requisite to install an Apple macOS stealer called (Atomic Stealer). The activity goes by the code name ClawHavoc. 

According to Koi research Oren Yomtov, "You install what looks like a legitimate skill – maybe solana-wallet-tracker or youtube-summarize-pro. The skill's documentation looks professional. But there's a 'Prerequisites' section that says you need to install something first.”

Instruction steps:

Windows users are asked to download file “openclaw-agent.zip” from a GitHub repository.

macOS users are asked to copy an installation script hosted at glot[.]io and paste it in the Terminal application. 

Threat actors are targeting macOS users because of an increase in purchase of Mac Minus to use the AI assistant 24x7. 

In the password-protected archive, the trojan has keylogging functionality to steal credentials, API keys, and other important data on the device. Besides this, the glot[.]io script includes hidden shell commands to retrieve next-stage payloads from a threat-actor controlled infrastructure. 

This results in getting another IP address ("91.92.242[.]30") to get another shell script, which is modified to address the same server to get a universal Mach-O binary that shows traits persistent with Atomic Stealer, a commodity stealer that threat actors can buy for $500-1000/month that can extract data from macOS hosts.

The issue is that anyone can post abilities to ClawHub because it is open by default. At this point, the only requirement is that a publisher have a GitHub account that is at least a week old. 

Peter Steinberger, the founder of OpenClaw, is aware of the problem with malicious abilities and has subsequently implemented a reporting option that enables users who are signed in to report a skill. According to the documentation, "Each user can have up to 20 active reports at a time," "Skills with more than 3 unique reports are auto-hidden by default.”


Read more »
Subscribe to: Comments (Atom)