- A malicious npm package posing as an OpenClaw AI installer has been deployed to steal passwords, cryptocurrency wallets, and sensitive data from macOS users.
- The malware, nicknamed GhostLoader, employs sophisticated social engineering, including fake installation screens and keychain prompts, to harvest the victim’s system password.
- Once installed, it deploys a full remote access trojan (RAT) capable of cloning live browser sessions, monitoring clipboards, and exfiltrating stolen data to command servers.
Cybersecurity researchers at JFrog uncovered a malicious npm package masquerading as an OpenClaw installer, which was uploaded to the registry on March 3, 2026, and has been downloaded 178 times. This package deploys a remote access trojan designed to steal system credentials, crypto wallets, and a vast array of sensitive information from compromised hosts.
The malicious logic triggers via a postinstall hook that globally re-installs the package. Consequently, the first-stage dropper script displays a convincing fake command-line interface with animated progress bars.
After the fake installation, a bogus iCloud Keychain prompt asks users for their system password. Meanwhile, the script retrieves an encrypted second-stage payload from the C2 server trackpipe[.]dev.
The second-stage JavaScript, a sophisticated information stealer and RAT framework, exfiltrates data from macOS Keychain, Chromium browsers, and cryptocurrency wallets. It also steals SSH keys, cloud credentials, and AI agent configurations, according to the JFrog report.
Security researcher Meitar Palas said “The attack is notable for its broad data collection, its use of social engineering to harvest the victim’s system password, and the sophistication of its persistence and C2 infrastructure.”
The malware also enters a persistent daemon mode to monitor the clipboard for private keys and crypto addresses. Furthermore, it can clone a victim’s live browser session, giving attackers full authenticated access.
Finally, the collected data is compressed and exfiltrated through multiple channels. The package combines social engineering, encrypted payloads, and a persistent RAT into a single dangerous threat.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
