- Cybercriminals exploit OpenClaw’s popularity with fake variants
- Malicious GitHub repos deliver Vidar and GhostSocks malware
- Malvertising campaigns spread tainted installers via Bing
Whenever a new trendy app or software emerges, cybercriminals try to capitalize on it by smuggling tainted, or outright fake, variants. We’ve seen it numerous times before, for example when ChatGPT first came out.
Now, we’re seeing the same with OpenClaw, the open source AI agent platform which grew immensely popular due to its ability to run tasks directly on a computer, such as reading files, sending messages, or running commands. It is currently one of the most popular AI projects, with more than 100,000 stars on GitHub.
However, there are also fake variants on GitHub that deploy various malware families to the victims – and in a new report, security researchers Huntress said the primary payload is Vidar, an infostealer that collects sensitive data such as credentials and user information from apps like Telegram. It is being dropped through loaders that execute the stealer directly in memory.
Malvertising on Bing
The loaders also sometimes deploy GhostSocks, a proxy malware that turns infected machines into residential proxies. Criminals use these proxies to route malicious traffic, often selling it as a service.
According to Huntress, these fakes were added to GitHub on February 2, and remained there until February 10, when they were spotted and removed.
Being hosted on GitHub was dangerous enough, since the platform is regarded as trustworthy and millions of people use it every day (despite it often being used as a launchpad for malware distribution). Making matters worse was a malvertising campaign on Bing.
The researchers said they spotted the attack when a user downloaded and ran the fake installer. “Analysis revealed that this user had searched for the term OpenClaw Windows through Bing and had the AI suggestion link directly to a newly created malicious GitHub repository openclaw-installer,” they explained.
Whenever a new popular app comes along, cybercriminals start advertising fake variants on popular networks. Sometimes they’ll advertise a non-existent premium version, and sometimes a version for an unsupported platform.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1920-80.png
Source link
