Researchers uncovered a malicious npm package, @openclaw-ai/openclawai, that impersonates an OpenClaw installer to deploy a remote access trojan and exfiltrate sensitive data from macOS hosts. The payload, internally identified as GhostLoader, uses a fake CLI and iCloud Keychain prompt to harvest system passwords, install a persistent RAT with SOCKS5 and browser cloning, and exfiltrate data to C2 servers and third-party services. #GhostLoader #OpenClawAI
Key points
- A malicious npm package named @openclaw-ai/openclawai was uploaded on March 3, 2026 and has been downloaded 178 times while remaining available on the registry.
- A postinstall hook reinstalls the package globally and runs setup.js, which displays a convincing fake CLI and iCloud Keychain prompt to capture the victim's system password.
- The second-stage JavaScript (about 11,700 lines), dubbed GhostLoader, is a full RAT and information stealer that targets macOS Keychain, browsers, crypto wallets, SSH keys, and cloud credentials.
- Stolen data is compressed and exfiltrated to the attacker's C2 (trackpipe[.]dev), Telegram Bot API, and GoFile.io, while the malware maintains persistence and monitors the clipboard for private keys.
- Advanced features include headless browser profile cloning for authenticated sessions, remote command execution, SOCKS5 proxy control, file transfer, and self-update/self-destruct capabilities.
Read More: https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html