Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

CentryNex

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.
The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The library is still available for

SOURCE:

Share the Post:

Related News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Another week in cybersecurity. Another week of “you’ve got to be kidding me.” Attackers were busy. Defenders were busy. And

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a

Can the Security Platform Finally Deliver for the Mid-Market?

Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

CentryNex

Related News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

Can the Security Platform Finally Deliver for the Mid-Market?

Company

Services

Contact Us