GhostClaw Unmasked: A Malicious npm Package Impersonating OpenClaw to Steal Everything

GhostClaw Unmasked: A Malicious npm Package Impersonating OpenClaw to Steal Everything
DRANK

The JFrog Security research team has identified a malicious npm package named @openclaw-ai/openclawai. This package masquerades as a legitimate CLI tool called "OpenClaw Installer" while deploying a multi-stage infection chain that steals system credentials, browser data, crypto wallets, SSH keys, Apple Keychain databases, iMessage history, and more

research.jfrog.com 4 days ago

Open page

https://research.jfrog.com/post/ghostclaw-unmasked/