Malicious MoltBot Skills Used to Push Password-stealing Malware

Over 230 malicious packages, dubbed “skills,” targeting the OpenClaw AI assistant have been released in a week, posing as legitimate tools to distribute malware that steals sensitive information like API keys and passwords. The malware exploits misconfigurations in OpenClaw's admin interface and employs social engineering tactics to infect users' systems, using a seemingly crucial tool called ‘AuthTool' to deliver payloads. To mitigate risks, users are advised to carefully verify the safety of skills before use and adopt security measures such as isolating the AI assistant in a virtual environment.

https://www.bleepingcomputer.com/news/security/malicious-moltbot-skills-used-to-push-password-stealing-malware/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top