Sponsor of the Day:
Jerkmate
https://gbhackers.com/ghostclaw-masquerades-as-openclaw/
GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data
Mar 10, 2026 - A malicious npm package, @openclaw-ai/openclawai, that impersonates the legitimate OpenClaw CLI while quietly deploying a full-featured infostealer and RAT...
developer dataghostclawmasqueradesopenclawbid
https://research.jfrog.com/post/ghostclaw-unmasked/
GhostClaw Unmasked: A Malicious npm Package Impersonating OpenClaw to Steal Everything - JFrog...
The JFrog Security research team has identified a malicious npm package named @openclaw-ai/openclawai. This package masquerades as a legitimate CLI tool called
malicious npm packageghostclawunmaskedimpersonatingopenclaw
https://www.jamf.com/blog/ghostclaw-ghostloader-malware-github-repositories-ai-workflows/
GhostClaw/GhostLoader Malware: GitHub Repositories & AI Workflow Attacks | Jamf Threat Labs
Jamf Threat Labs exposes new GhostClaw/GhostLoader samples using malicious GitHub repos and AI dev workflows to steal macOS credentials via multi-stage...
jamf threat labsgithub repositoriesai workflowghostclawmalware
https://www.jfrogchina.com/blog/ghostclaw/
揭秘 GhostClaw 真面目—— 一个恶意 npm 包伪装成 OpenClaw 窃取一切数据 – JFrog
ghostclawnpmopenclawjfrog