
SlowMist CISO: Beware of Malicious OpenClaw Installer Packages Stealing Cryptocurrency Wallet Private Keys and System Credentials

2026-03-10 11:59

ChainThink report, March 10: According to 23pds, Chief Information Security Officer of SlowMist Technology, intelligence systems have detected a malicious npm package named "@openclaw-ai/openclawai" that carries out multi-layered attacks. The package impersonates a legitimate command-line tool called OpenClaw Installer and aims to exfiltrate users' sensitive information, including system credentials, cryptocurrency wallet private keys, browser data, SSH keys, and Apple Keychain database entries.
