> TritonInfoSec News
Home / Mar 10, 2026 / Story
0
#8 The Hacker News general March 09, 2026 at 18:31 UTC

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

By [email protected] (The Hacker News)

AI Summary

A malicious npm package named "@openclaw-ai/openclawai" masquerades as an OpenClaw installer to deploy a remote access trojan and steal macOS credentials. The package, uploaded by user "openclaw-ai" on March 3, 2026, has been downloaded 178 times and remains available on the npm registry.

Read full article → https://thehackernews.com/2026/03/malicious-npm-pa…

Relevance score: 72.0/100

# More from March 10

  1. 1
    New Attack Against Wi-Fi Schneier on Security
  2. 2
    FBI investigating ‘suspicious activities’ on agency network following February incident The Record
  3. 3
    Dutch govt warns of Signal, WhatsApp account hijacking attacks BleepingComputer
  4. 4
    UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device The Hacker News
  5. 5
    ShinyHunters claims ongoing Salesforce Aura data theft attacks BleepingComputer
  6. 6
    Microsoft Teams phishing targets employees with backdoors BleepingComputer
  7. 7
    Ericsson US discloses data breach after service provider hack BleepingComputer
  8. 9
    Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft The Hacker News
  9. 10
    Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure The Hacker News