Huntress — Fake OpenClaw installers spread GhostSocks

AI relevance: OpenClaw is an agent runtime that stores API keys and workflow configs, so poisoned installers can directly compromise AI operations and exfiltrate agent secrets.

  • Huntress tracked malicious GitHub repositories posing as OpenClaw installers between February 2–10, 2026.
  • The fake repos appeared in Bing AI search results for “OpenClaw Windows,” boosting attacker distribution.
  • Windows victims ran installers that dropped information stealers packed with a new “Stealth Packer.”
  • The Windows payload also installed GhostSocks, turning infected systems into residential proxies.
  • The macOS install instructions delivered AMOS (Atomic macOS Stealer), according to the analysis.
  • OpenClaw configs can contain API keys and credentials, making info-stealer impact broader than just browser data.
  • Huntress notes the campaign did not target a specific industry, indicating wide opportunistic reach.

Why it matters

  • Agent runtimes concentrate credentials, tool access, and automation scripts in one place, so installer poisoning creates outsized blast radius.
  • Search-result manipulation via AI assistants makes developer tool supply chains a prime target for malware delivery.

What to do

  • Only install OpenClaw from the project's official sources; confirm the publishing organization behind the repository and check release artifacts (checksums or signatures where the project publishes them) before running any install script.
  • Use application allow-listing or endpoint controls to block unsigned or unknown installers, including binaries downloaded from GitHub.
  • Rotate every OpenClaw token and API key and audit agent configs after any suspected infection; a stealer that reads the config gets all of them at once.
  • Monitor for info-stealer and residential-proxy indicators: GhostSocks artifacts, unexpected outbound proxy connections, and suspicious scheduled tasks or other persistence entries.
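The rotation step above is only as good as the inventory behind it: after a stealer runs, the question is which credentials the agent's config files actually held. The following script is an added example, not Huntress's tooling and not OpenClaw's own code. It walks JSON-style agent configs, flags fields whose names or values look like credentials, skips values that are only environment-variable references (those were not on disk in the clear), and prints a redacted list to drive rotation. The config layout, key names, and the sample config are constructed assumptions, not OpenClaw's real schema.

```python
"""Build a redacted rotation inventory of secret-bearing fields in agent
config files after a suspected info-stealer infection.

Assumptions (not OpenClaw's documented schema): configs are JSON, secrets
live in string fields, and env references look like "${NAME}".
"""
import json
import re
from pathlib import Path
from typing import Dict, List

# Field names commonly used for credentials (assumed, not OpenClaw-specific).
SECRET_KEY_RE = re.compile(r"(api[_-]?key|token|secret|password|credential)", re.I)

# Value shapes of a few well-known API key formats; deliberately not exhaustive.
VALUE_PATTERNS = {
    "openai-style": re.compile(r"^sk-[A-Za-z0-9_-]{20,}$"),
    "github-pat": re.compile(r"^gh[pousr]_[A-Za-z0-9]{20,}$"),
    "aws-access-key": re.compile(r"^AKIA[0-9A-Z]{16}$"),
}


def redact(value: str) -> str:
    """Keep just enough of a secret to tell which key it is, never the whole value."""
    return value[:4] + "..." + value[-4:] if len(value) > 12 else "***"


def walk(obj, path: str = "") -> List[dict]:
    """Recursively walk nested JSON and collect secret-looking string leaves."""
    findings: List[dict] = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            findings.extend(walk(val, f"{path}.{key}" if path else key))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            findings.extend(walk(val, f"{path}[{i}]"))
    elif isinstance(obj, str):
        leaf = path.rsplit(".", 1)[-1]          # field name without its parents
        kind = next((n for n, p in VALUE_PATTERNS.items() if p.match(obj)), None)
        named = bool(SECRET_KEY_RE.search(leaf)) and obj and not obj.startswith("${")
        if kind or named:
            findings.append({"path": path, "kind": kind or "named-secret", "hint": redact(obj)})
    return findings


def rotation_inventory(config_text: str) -> List[dict]:
    """Return one finding per credential that must be rotated, in config order."""
    return walk(json.loads(config_text))


def scan_config_dir(root: Path) -> Dict[str, List[dict]]:
    """Scan every *.json under an agent config root (hypothetical layout)."""
    report: Dict[str, List[dict]] = {}
    for cfg in root.rglob("*.json"):
        try:
            hits = rotation_inventory(cfg.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue                             # unreadable or not JSON: skip, do not crash
        if hits:
            report[str(cfg)] = hits
    return report


# Constructed sample config; the values are fake and the layout is assumed.
SAMPLE_CONFIG = json.dumps({
    "model": {"provider": "openai", "api_key": "sk-constructedEXAMPLE0123456789abcdef"},
    "tools": [
        {"name": "github", "token": "ghp_constructedEXAMPLE01234567890abcdefg"},
        {"name": "search", "token": "${SEARCH_TOKEN}"},   # env reference: not on disk
    ],
    "storage": {"bucket": "agent-runs", "access_key": "AKIACONSTRUCTED12345", "region": "us-east-1"},
    "hooks": {"url": "https://example.invalid/hook", "secret": "constructed-hook-secret-value"},
})

if __name__ == "__main__":
    for f in rotation_inventory(SAMPLE_CONFIG):
        print(f"{f['kind']:16} {f['path']:24} {f['hint']}")
```

Run it against the real config root with `scan_config_dir(Path("~/.openclaw").expanduser())` or whatever directory the runtime actually uses; the output is a to-do list for rotation, and because values are redacted it can be pasted into a ticket without re-exposing the secrets.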

Sources