Executive Summary
In February 2026, threat actors exploited the popularity of OpenClaw, an open-source AI agent, by creating malicious GitHub repositories posing as legitimate OpenClaw installers. These repositories were promoted through Microsoft's Bing AI-enhanced search results, leading users to download and execute malware-laden installers. Upon execution, these installers deployed various malicious payloads, including the Vidar information stealer and GhostSocks proxy malware, compromising sensitive user data and converting infected machines into proxy nodes for further malicious activities. This incident underscores the evolving tactics of cybercriminals who leverage trusted platforms and emerging technologies to distribute malware. The use of AI-enhanced search results to promote malicious content highlights the need for enhanced vigilance and security measures in AI-driven platforms and search engines.
Why This Matters Now
The incident highlights the urgent need for enhanced security measures in AI-driven platforms and search engines, as cybercriminals increasingly exploit trusted platforms and emerging technologies to distribute malware.
Attack Path Analysis
Attackers created malicious GitHub repositories posing as legitimate OpenClaw installers, which were promoted by Bing AI search results, leading users to download and execute malware. Upon execution, the malware deployed information stealers and proxy tools, enabling unauthorized data access and system control. The malware established command and control channels to exfiltrate sensitive information and maintain persistent access. Exfiltrated data included credentials from applications like Telegram and Steam, compromising user privacy and security. The impact resulted in unauthorized access to user accounts and potential misuse of personal data.
Kill Chain Progression
Initial Compromise
Description
Attackers created malicious GitHub repositories posing as legitimate OpenClaw installers, which were promoted by Bing AI search results, leading users to download and execute malware.
Related CVEs
CVE-2026-25253
CVSS 8.8A cross-site WebSocket hijacking vulnerability in OpenClaw's Control UI allows attackers to execute arbitrary code remotely via a crafted link.
Affected Products:
OpenClaw OpenClaw – < 2026.1.29
Exploit Status:
exploited in the wildCVE-2026-26320
CVSS 6.5A vulnerability in OpenClaw's macOS desktop client allows attackers to execute arbitrary commands by manipulating deep link messages.
Affected Products:
OpenClaw OpenClaw macOS Desktop Client – 2026.2.6 - 2026.2.13
Exploit Status:
exploited in the wildCVE-2026-26321
CVSS 7.5A path traversal vulnerability in OpenClaw's Feishu extension allows attackers to read arbitrary local files via manipulated mediaUrl values.
Affected Products:
OpenClaw OpenClaw – < 2026.2.14
Exploit Status:
exploited in the wildCVE-2026-26322
CVSS 7.6A server-side request forgery (SSRF) vulnerability in OpenClaw's Gateway tool allows attackers to send unauthorized requests to internal resources.
Affected Products:
OpenClaw OpenClaw – < 2026.2.14
Exploit Status:
exploited in the wildCVE-2026-27485
CVSS 4.4An information disclosure vulnerability in OpenClaw's skill packaging script allows unintended inclusion of local files via symlink attacks.
Affected Products:
OpenClaw OpenClaw – <= 2026.2.17
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Techniques identified for SEO/filtering; may be expanded with full STIX/TAXII enrichment later.
Compromise Software Dependencies and Development Tools: Supply Chain Compromise
User Execution: Malicious File
Masquerading
Command and Scripting Interpreter: PowerShell
Application Layer Protocol: Web Protocols
Screen Capture
Archive Collected Data: Archive via Utility
Exfiltration Over C2 Channel
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Supply Chain Risk Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
High risk from malicious GitHub repositories distributing infostealers targeting developers. AI-powered search poisoning compromises software supply chain security and intellectual property protection.
Information Technology/IT
Critical exposure to proxy malware and credential theft affecting IT infrastructure management. Compromised systems become attack vectors for lateral movement and data exfiltration.
Computer/Network Security
Security professionals targeted through legitimate tool searches becoming infostealer victims. Compromised security teams enable broader organizational breaches and compliance violations.
Financial Services
Stolen credentials enable proxy-based fraud bypassing anti-fraud systems. Vidar stealer threatens customer data protection requiring HIPAA and PCI compliance enforcement mechanisms.
Sources
- Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malwarehttps://www.bleepingcomputer.com/news/security/bing-ai-promoted-fake-openclaw-github-repo-pushing-info-stealing-malware/Verified
- Malware-laced OpenClaw installers get Bing AI search boosthttps://www.theregister.com/2026/03/04/fake_openclaw_installers_malware/Verified
- Fake OpenClaw Installers Promoted via Bing AI Search Deliver Info-Stealing Malwarehttps://abit.ee/en/cybersecurity/hackers-and-attacks/openclaw-malware-bing-ai-search-vidar-ghostsocks-github-cybersecurity-news-enVerified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the malware's ability to move laterally, access sensitive data, and exfiltrate information by enforcing strict segmentation and controlled egress policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The malware's ability to establish initial connections may have been constrained, reducing the likelihood of successful execution.
Control: Zero Trust Segmentation
Mitigation: The malware's ability to escalate privileges and access sensitive data could have been limited, reducing the scope of unauthorized control.
Control: East-West Traffic Security
Mitigation: The malware's ability to move laterally within the network may have been constrained, reducing the potential for widespread compromise.
Control: Multicloud Visibility & Control
Mitigation: The malware's ability to establish and maintain command and control channels could have been limited, reducing the risk of data exfiltration.
Control: Egress Security & Policy Enforcement
Mitigation: The malware's ability to exfiltrate sensitive data may have been constrained, reducing the risk of data breaches.
The overall impact of the attack could have been limited, reducing the extent of unauthorized access and data misuse.
Impact at a Glance
Affected Business Functions
- Software Development
- IT Operations
- Customer Support
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of sensitive user credentials and internal communications.
Recommended Actions
Key Takeaways & Next Steps
- • Implement Zero Trust Segmentation to restrict unauthorized lateral movement within the network.
- • Deploy Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
- • Utilize Threat Detection & Anomaly Response systems to identify and respond to malicious activities promptly.
- • Ensure Cloud Firewall (ACF) configurations are in place to filter and block malicious outbound connections.
- • Educate users on verifying the authenticity of software sources and the risks associated with downloading from untrusted repositories.
