Cyber: Infostealer Steals Openclaw AI Agent Configuration Files And...
Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment.
"This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [artificial intelligence] agents," Hudson Rock said.
Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details. Vidar is an off-the-shelf information stealer that's known to be active since late 2018.
That said, the cybersecurity company said the data capture was not facilitated by a custom OpenClaw module within the stealer malware, but rather through a "broad file-grabbing routine" that's designed to look for certain file extensions and specific directory names containing sensitive data.
It's worth noting that the theft of the gateway authentication token can allow an attacker to connect to the victim's local OpenClaw instance remotely if the port is exposed, or even masquerade as the client in authenticated requests to the AI gateway.
"While the malware may have been looking for standard 'secrets,' it inadvertently struck gold by capturing the entire operational context of the user's AI assistant," Hudson Rock added. "As AI agents like OpenClaw become more integrated into professional workflows, infostealer developers will likely release dedicated modules specifically designed to decrypt and parse these files, much like they do for Chrome or Telegram today."
The disclosure comes as security issues with OpenClaw prompted the maintainers of the open-source agentic platform to announce a partnership with VirusTotal to scan for malicious skills uploaded to ClawHub, establish a threat model, and add the ability to audit for potential misconfigurations.
Last week, the OpenSourceMalware team detailed an ongoing ClawHub malicious skills campaign that uses a new technique to bypass VirusTotal scanning by hosting the malware on lookalike OpenClaw websites and using the skills purely as decoys, instead of embedding the payload directly in their SKILL.md files.
"The shift from embedded payloads to external malware hosting shows threat actors adapting to detection capabilities," security researcher Paul McCarty said. "As AI skill registries grow, they become increasingly attractive targets for supply c
Source: The Hacker News
