Infostealers have evolved into primary entry points for sophisticated global attacks by abusing malicious AI "skills", harvesting OpenClaw configurations (tokens and AI memory), and converting compromised employee credentials into delivery vectors. The resulting infostealer logs feed APT operations, enable high-fidelity sextortion, and have also provided researchers with intelligence linking actors and incidents such as Bitter APT and the ByBit heist. #Infostealer #OpenClaw
Key points
- Attackers are uploading malicious AI "skills" to public registries that autonomously install infostealers when agents download them.
- There is a surge in thefts targeting OpenClaw configurations, including authentication tokens and AI "memory" files containing operational context.
- Compromised employee credentials are being used to turn legitimate corporate infrastructure into distribution vectors in a victim-to-vector loop.
- Infostealer logs are directly feeding APT campaigns, exemplified by links between stolen credentials and Bitter APT activity against PTCL.
- Infostealer data enables high-fidelity sextortion and simultaneously provides researchers with intelligence on threat actors, including links to the ByBit heist.
Read More: https://www.infostealers.com/article/2026-infostealer-trends-im-monitoring-at-hudson-rock/