Malicious OpenClaw DeepSeek-Claw skill exploits agentic AI workflows to deliver RAT and stealer

Source Summary

What It Contains

Cybersecurity-Insiders article summarizing the Zscaler ThreatLabZ analysis of the malicious "DeepSeek-Claw" OpenClaw skill campaign delivering Remcos RAT and GhostLoader stealer via supply chain poisoning. Published May 10, 2026 by Jane Devry.

Extracted Claims

• Campaign name: Malicious OpenClaw DeepSeek-Claw skill
• Malware families: Remcos RAT (Windows), GhostLoader (cross-platform Node.js stealer)
• Target: Developers and AI-driven systems using OpenClaw
• Attack chain:
  1. Attacker publishes fake "DeepSeek-Claw" skill on GitHub
  2. SKILL.md contains hidden PowerShell one-liner targeting Windows; npm lifecycle scripts for macOS/Linux
  3. PowerShell downloads MSI from hxxps://cloudcraftshub[.]com/api
  4. MSI drops GoToMeeting executable (G2M.exe) + malicious g2m.dll for DLL sideloading
  5. g2m.dll: shellcode loader with ETW patching, AMSI bypass, Tiny Encryption Algorithm (TEA) in CBC mode with 128-bit key, dynamic API resolution via manual PEB parsing, anti-debugging (PEB BeingDebugged/NtGlobalFlag checks, Sleep timing analysis, INT 3 breakpoint scanning), analysis-tool blocklisting (ida.exe, x64dbg.exe, wireshark.exe), VM mutexes (VMware, VBox, Sandboxie)
  6. macOS/Linux: GhostLoader delivered via obfuscated Node.js payloads in npm lifecycle scripts
  7. Remcos RAT: steals browser session cookies from local SQLite databases to bypass MFA; TLS-encrypted C2 over TCP; config stored in encrypted RC4 resource
• Affected systems: Windows, macOS, Linux

Key IOCs

File IOCs:

• G2M.exe — legitimate signed GoToMeeting executable
• g2m.dll — malicious sideloaded DLL (shellcode loader with ETW/AMSI bypass, TEA cipher)
• MSI installer from cloudcraftshub[.]com

Mutex:

• Rmc-11YWBZ

Remcos config:

• License key: 82536825E700F4C863238A90DD314687

Network IOCs:

• hxxps://cloudcraftshub[.]com/api — MSI download endpoint
• tcp+tls://146[.]19.24[.]131:2404 — Remcos RAT C2
• hxxps://trackpipe[.]dev — GhostLoader C2 (confirmed via article, not in Cryptika source)

Detection signatures: Win32.Backdoor.RemcosRat, Win32.Dropper.RemcosRat (Zscaler)

MITRE ATT&CK Techniques

• T1204.002 — User Execution: Malicious File
• T1574.001 — Hijack Execution Flow: DLL Search Order Hijacking
• T1055 — Process Injection
• Defense evasion via ETW patching and AMSI bypass

New Technical Details in This Source (not in Cryptika)

• Full g2m.dll capability list: ETW patching (overwrites ntdll!EtwEventWrite), AMSI bypass (patches amsi!AmsiScanBuffer to return AMSI_RESULT_CLEAN), TEA/CBC 128-bit encryption, manual PEB parsing for dynamic API resolution, anti-debugging (PEB BeingDebugged/NtGlobalFlag, Sleep timing, INT 3 scanning), analysis-tool blocklisting, VM/sandbox mutex detection
• GhostLoader confirmed as cross-platform (macOS/Linux via npm lifecycle scripts)
• Remcos cookie-theft mechanism: steals browser session cookies from local SQLite databases to bypass MFA
• Remcos C2 protocol: TLS-encrypted TCP over tcp+tls://146[.]19.24[.]131:2404
• Remcos license key: 82536825E700F4C863238A90DD314687

Evidence Quality

Primary research article referencing Zscaler ThreatLabZ analysis. High confidence threat report with explicit IOCs, MITRE ATT&CK mappings, and technical malware analysis details not present in the Cryptika source. Confirms and expands upon the Cryptika source.

Follow-Up

• Update finding finding-malicious-openclaw-deepseek-claw-skill-campaign with additional IOCs (Remcos license key, mutex Rmc-11YWBZ) and new technical details (g2m.dll capabilities, GhostLoader cross-platform delivery, Remcos cookie-theft mechanism, TLS C2 protocol)
• Cross-link with existing Cryptika source record