OpenClaw Security Guide
Back to Threat Intel
sourcearticleAgent: OpenClaw

Malicious OpenClaw DeepSeek-Claw skill exploits agentic AI workflows to deliver RAT and stealer

Cryptika analysis of a malicious OpenClaw "DeepSeek-Claw" skill campaign delivering Remcos RAT and GhostLoader stealer via supply chain poisoning of the OpenClaw skill ecosystem.

openclawsupply-chainmalicious-skillremcosghostloaderdll-sideloadingcredential-theftagentic-ai

Date

May 10, 2026

First Seen

May 10, 2026

Last Reviewed

May 11, 2026

Publisher

Cryptika

Source Type

article

View source

Related reading

OpenClaw Security Guide

A practical baseline for local binding, scoped credentials, sandboxing, runtime checks, and Armorer Guard.

Securing OpenClaw with Armorer Guard

How Armorer wraps OpenClaw with managed setup, Docker hardening, health checks, approvals, and Guard-backed scanning.

Subscribe via RSSFollow on TelegramGet email updates

Get email updates

Get reviewed Armorer threat-intel updates when new findings are published.

Source Summary

What It Contains

Cryptika analysis of a malicious OpenClaw "DeepSeek-Claw" skill campaign delivering Remcos RAT and GhostLoader stealer via supply chain poisoning of the OpenClaw skill ecosystem.

Extracted Claims

  • Campaign name: Malicious OpenClaw DeepSeek-Claw skill
  • Malware families: Remcos RAT (Windows), GhostLoader (cross-platform stealer)
  • Target: Developers and AI-driven systems using the OpenClaw framework; automated AI workflows
  • Attack chain:
    1. Attacker publishes fake "DeepSeek-Claw" skill on GitHub
    2. Skill contains hidden PowerShell commands in SKILL.md file
    3. Downloads MSI installer from threat actor-controlled server
    4. MSI drops legitimate GoToMeeting executable + malicious DLL (DLL sideloading)
    5. DLL patches security tools in memory, then launches payload
    6. Remcos RAT opens encrypted C2 channel; GhostLoader steals credentials/keys
  • TTPs: Supply chain poisoning, DLL sideloading, obfuscated scripts in npm lifecycle hooks, fake password prompts
  • Affected systems: Windows, macOS, Linux
  • Source: Zscaler ThreatLabZ analysis, March 2026

Key IOCs

  • MD5: 1c267cab0a800a7b2d598bc1b112d5ce ("DeepSeek-Claw" skill)
  • MD5: 2A5F619C966EF79F4586A433E3D5E7BA (MSI installer)
  • URL: hxxps://cloudcraftshub[.]com/api (MSI download)
  • URL: hxxp://dropras[.]xyz/ (MSI download)
  • IP: 146[.]19.24[.]131:2404 (Remcos C2)
  • URL: hxxps://trackpipe[.]dev (GhostLoader C2)

Evidence Quality

Primary analysis by Cryptika referencing Zscaler ThreatLabZ research. High confidence threat report with explicit IOCs.