TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

By rooter

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.
The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The library is still available for

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

‘InstallFix’ Attacks Spread Fake Claude Code Sites

rooter
Cyber Security

Are We Ready for Auto Remediation With Agentic AI?

rooter
Cyber Security

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

rooter

Leave a Reply

You Missed

News

Apple’s new M5 Max feels like a huge upgrade if you bought your laptop three years ago

News

Apple Studio Display XDR review: pro at a premium

News

Elon Musk Wants a Do-Over on Twitter Trial After Jury Pool Couldn’t Hide Its Disdain

News

Employees across OpenAI and Google support Anthropic’s lawsuit against the Pentagon