Security experts uncovered a large wave of harmful add-ons. More than 230 malicious skills appeared for an open-source AI assistant. These fake tools deliver password-stealing malware to users.
The Viral AI Assistant Malware
The project started as ClawdBot. It quickly changed to Moltbot and now OpenClaw. This local AI helper remembers chats and connects to files, email, and more. However, poor setup creates big security gaps.
Skills act as plug-ins for extra features. Users add them easily to expand what the AI can do. For example, they promise specialized tasks like trading or content tools. Unfortunately, many hide dangerous code.
Rapid Spread of Fake Skills
Between late January and early February, attackers uploaded over 230 bad skills. They posted them on the official registry and code-sharing sites. Most copy each other with random name changes. Some gained thousands of downloads fast.
These skills pretend to offer useful functions. They claim to automate crypto trades or manage social media. Therefore, users install them without much suspicion. In the background, they quietly release malware.
How the Infection Happens
Each skill includes fake documentation. It looks professional and detailed. The instructions push users to install a tool called AuthTool. This step mimics ClickFix attacks.
On macOS, AuthTool runs a hidden command. It downloads the payload from a remote server. On Windows, it grabs a locked ZIP file and extracts it. Once active, the malware starts stealing data.
What the Malware Targets
The stealer grabs many sensitive items. It hunts for API keys from crypto exchanges. It copies wallet files, seed phrases, and browser extensions. Additionally, it pulls SSH keys, cloud logins, Git credentials, and .env files.
On macOS, it bypasses built-in protections. It clears quarantine flags and asks for wide file access. Consequently, it reads Keychain passwords and talks to system services. Victims lose control over private information.
One analysis found 341 malicious skills total. They came from a single ongoing effort. Researchers also spotted 29 fake registry names that trick users with typos. This shows careful planning by attackers.
The AI creator admitted review limits. They cannot check every submission quickly. Therefore, users must verify skills themselves. Trusting everything risks serious data loss.
Prevention Strategies
Users can protect themselves with strong habits. First, run the AI assistant inside a virtual machine. This isolates it from your main system. Second, grant only minimal permissions and block open ports.
Moreover, use continuous monitoring to detect odd file access or network connections early. Scan skills before installation with trusted tools. These steps greatly reduce the chance of stealer malware infections through fake plug-ins.
Sleep well, we got you covered.
