TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

By rooter

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.
The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The library is still available for

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

rooter
Cyber Security

âš¡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

rooter
Cyber Security

Chinese Cyber Threat Lurks In Critical Asian Sectors for Years

rooter

Leave a Reply

You Missed

News

An unlikely set of clues helps reconstruct ancient Chinese disasters

News

Nintendo sues to prevent Trump from dodging full tariff refunds

News

Flexible feline spines shed light on “falling cat” problem

News

Arnold Schwarzenegger Will Be Back… as Conan the Barbarian