Malicious npm Package Steals macOS Credentials

A malicious npm package steals macOS credentials through a disguised developer tool. Researchers recently discovered the threat in a public code registry, where the package posed as an installer for a popular software tool.

The package used the name “@openclaw-ai/openclawai.” Attackers uploaded it on March 3, 2026. Although downloads were limited, the risk remained serious.

Security analysts track the campaign under the name GhostClaw and believe the attackers designed it for advanced data theft. The malicious library targeted developers working on macOS systems.

Disguised Installer Tricks Developers

The malware spread by pretending to be a software installer and relied on social engineering to trick victims: developers believed they were installing a legitimate command-line tool.

The attack started with a post-install script that automatically reinstalled the package globally, making the malware available system-wide. The installer also presented a command-line interface with progress bars and installation messages, so users believed the software had installed normally.

Fake Security Prompt Steals Passwords

After the fake installation finished, the malware displayed a prompt that imitated a macOS security dialog and requested the system password for authorization.

Many users trusted the prompt and entered their credentials without suspicion; the malware captured the password immediately.

Meanwhile, the script downloaded a hidden payload from a remote server. It decrypted the file and executed it silently. Afterward, the malware deleted the temporary file to hide evidence.

Advanced Data Theft and Surveillance

The second-stage payload contained thousands of lines of code and acted as both a data stealer and a remote access tool, giving attackers broad access to the infected system.

The malware targeted sensitive macOS data: it collected information from the system keychain, stole browser credentials and stored cookies, and searched for cryptocurrency wallets, attempting to steal the seed phrases and private keys that would give attackers access to digital assets.

Targeting Developer and Cloud Credentials

The malware also targeted developer environments, searching for credentials used in cloud platforms and development tools, including keys used for cloud infrastructure.

It also scanned for SSH keys and configuration files, credentials that often provide deep access to servers and repositories. The malware also targeted AI configuration files, which could let attackers abuse automated tools and cloud services.

Persistent Access and Remote Control

The malware installed a persistent remote access component that let attackers control infected systems and execute commands at any time.

The tool also created a SOCKS5 proxy connection, allowing attackers to route traffic through the victim’s system so that the compromised device became part of a hidden network.

Another dangerous feature was browser cloning: the malware launched a hidden browser instance using stored profiles, giving attackers access to active sessions without needing passwords.

Data Exfiltration and Monitoring

The malware compressed stolen data into an archive file and sent it to remote servers controlled by the attackers, using multiple channels for exfiltration.

For example, it could send data through messaging APIs or file-sharing platforms, so blocking a single channel would not stop the exfiltration. It also monitored the clipboard continuously, checking every few seconds for sensitive patterns such as keys or wallet addresses and sending any matches to the attackers.

How to Prevent Malicious npm Package Attacks

Developers should review open-source packages carefully before installing them, for example by verifying maintainers and checking repository activity. Supply chain attacks can still bypass manual checks, however.

Organizations should therefore implement dependency monitoring and runtime threat detection tools, which identify suspicious scripts during installation and execution. Continuous vulnerability assessments can also detect risky packages in development pipelines, reducing the risk of malicious npm packages compromising developer systems.
