OpenClaw configuration and memory files containing API keys, authentication tokens, private keys, and agent memories were exfiltrated in the first reported in-the-wild infostealer compromise, likely a Vidar variant, enabling potential full compromise of a user’s AI agent identity. Researchers warn infostealers will increasingly target agent frameworks as they become widespread, and Tenable also disclosed a separate max-severity remote flaw in Nanobot (CVE-2026-2577) that was patched. #OpenClaw #Vidar #HudsonRock #Nanobot #CVE-2026-2577
Key points
- Infostealers have been observed exfiltrating OpenClaw’s configuration and memory files containing tokens and private keys.
- Hudson Rock attributes the observed theft to a likely Vidar infostealer variant that scans for keywords like “token” and “private key”.
- Stolen files (openclaw.json, device.json, soul.md, and memory files) can enable device impersonation, access to cloud services, and exposure of private communications.
- Researchers predict infostealers will increasingly target agent frameworks as OpenClaw adoption grows and agents integrate into professional workflows.
- Tenable found, and the Nanobot project patched, a max-severity flaw (CVE-2026-2577) that could have allowed WhatsApp session hijacking via exposed instances.
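An added defender-side example (not code from the article, Hudson Rock, or OpenClaw): a Python audit that inventories which files in an agent directory carry the file names and keywords named in the key points on stolen files, so you know which credentials to rotate after a suspected infection. The directory location, the JSON keys in the constructed sample tree, and the separator variants in the regex are assumptions.

```python
import os, re, stat, tempfile
from pathlib import Path
# File names and the two keywords come from the article; the separator variants
# and the directory to audit (passed in by the caller) are assumptions.
LISTED_NAMES = {"openclaw.json", "device.json", "soul.md"}
KEYWORD_RE = re.compile(r"token|private[ _-]?key", re.IGNORECASE)

def audit_agent_dir(root):
    """Inventory files a keyword-matching stealer would take, to drive credential rotation."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            text = path.read_text(errors="ignore")
            mode = stat.S_IMODE(path.stat().st_mode)
        except OSError:
            continue
        hits = sorted({m.group(0).lower() for m in KEYWORD_RE.finditer(text)})
        listed = path.name.lower() in LISTED_NAMES
        if hits or listed:
            findings.append({
                "file": path.relative_to(root).as_posix(),
                "listed_in_article": listed,
                "keywords": hits,
                # Owner-only modes do not stop malware running as that user; extra bits widen exposure.
                "group_or_other_access": bool(mode & 0o077),
            })
    return findings

def build_sample(root):
    """Constructed sample tree; JSON keys are invented, not OpenClaw's real schema."""
    files = {
        "openclaw.json": ('{"auth_token": "CONSTRUCTED-NOT-REAL"}', 0o644),
        "device.json": ('{"private_key": "CONSTRUCTED-NOT-REAL"}', 0o600),
        "soul.md": ("Be concise and polite.", 0o600),
        "memory/2026-01-01.md": ("User pasted an API token for staging.", 0o600),
        "notes.txt": ("milk, eggs", 0o600),
    }
    for rel, (body, mode) in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
        os.chmod(target, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_agent_dir(tmp), sep="\n")
```

Every credential that appears in a reported file should be treated as exposed and rotated if the host is suspected of infection, regardless of the file's permission bits.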