- Cybercriminals take advantage of OpenClaw popularity with fake variants
- Malicious GitHub repositories deliver Vidar and GhostSocks malware
- Malvertising campaigns spread tainted installers through Bing
Every time a new trendy app or software emerges, cybercriminals try to profit from it by smuggling tainted or completely fake variants. We’ve seen this many times before, for example when ChatGPT first appeared.
Now we’re seeing the same thing with OpenClaw, the open source AI agent platform that became immensely popular due to its ability to execute tasks directly on a computer, such as reading files, sending messages, or executing commands. It is currently one of the most popular AI projects, with more than 100,000 stars on GitHub.
However, there are also fake variants on GitHub that deploy various malware families on victims' machines. In a new report, security researchers at Huntress said the main payload is Vidar, an information stealer that harvests sensitive data such as credentials and user information from apps like Telegram. It is dropped via loaders that run the stealer directly in memory.
Malvertising on Bing
Sometimes, the loaders also deploy GhostSocks, a proxy malware that turns infected machines into residential proxies. Criminals use these proxies to route malicious traffic and often sell them as a service.
According to Huntress, these fakes were added to GitHub on February 2 and remained there until February 10, when they were detected and removed.
Being hosted on GitHub was quite dangerous, as the platform is considered trustworthy and millions of people use it every day (even though it is often used as a launching pad for malware distribution). To make matters worse, there was a malvertising campaign on Bing.
Researchers said they detected the attack when a user downloaded and ran the fake installer. “Analysis revealed that this user had searched for the term OpenClaw Windows through Bing and had the AI suggestion link directly to a newly created malicious GitHub repository,” they explained.
Every time a new popular app appears, cybercriminals start advertising fake variants on popular networks. Sometimes they advertise a non-existent premium version and sometimes a version for an unsupported platform.




