OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

1 hour ago

In brief

  • Attackers used fake GitHub accounts to tag developers, claiming they had won $5,000 in $CLAW tokens and directing them to a cloned OpenClaw site.
  • OX Security said the phishing page used heavily obfuscated JavaScript and a separate C2 server to drain connected wallets and hide activity.
  • The accounts were created last week and deleted within hours of launch, with no confirmed victims so far.

OpenClaw’s viral rise has drawn an ugly new side effect: crypto scammers are now using the AI agent project’s name to target developers in a phishing campaign aimed at draining their wallets.

Security platform OX Security published a report on Wednesday detailing an active phishing campaign targeting OpenClaw in which threat actors create fake GitHub accounts, open issue threads in attacker-controlled repositories, and tag dozens of developers.

The scammer posts GitHub issues telling developers, “Appreciate your contributions on GitHub. We analyzed profiles and chose developers to get OpenClaw allocation,” and claims they have won $5,000 worth of $CLAW tokens, directing them to a fake website that closely resembles openclaw.ai. The site includes an added “Connect your wallet” button designed to trigger wallet theft.

OX Security research team lead and a co-author of the report, Moshe Siman Tov Bustan, told Decrypt they uncovered evidence the scam attempt bears resemblance to a campaign that "spread on GitHub, relating to Solana."

"[We're still] analyzing the behavior and the relationship of these campaigns," Bustan added.

The phishing campaign surfaced weeks after OpenAI CEO Sam Altman announced OpenClaw creator Peter Steinberger would lead its push into personal AI agents, with OpenClaw transitioning to a foundation-run open-source project.

That mainstream profile and the framework's association with one of the most prominent names in AI make its developer community an increasingly attractive target.

OX Security said it had previously assessed that the attackers may be using GitHub's star feature to identify users who have starred OpenClaw-related repositories, making the lure appear more targeted and credible.

The platform’s analysis found the wallet-stealing code buried inside a heavily obfuscated JavaScript file called "eleven.js."

"According to who was targeted and the users' reports on GitHub," the campaign targeted only users who "starred the OpenClaw GitHub repository," Bustan said. "During our analysis, we found only one address belonging to the threat actor, which hadn't sent or received any funds yet."

After deobfuscating the malware, researchers identified a built-in "nuke" function that wipes all wallet-stealing data from the browser's local storage to frustrate forensic analysis.

The malware tracks user actions via commands such as PromptTx, Approved, and Declined, relaying encoded data, including wallet addresses, transaction values, and names, back to a C2 server.

Researchers identified one crypto wallet address they believe belongs to the threat actor, 0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5, used to receive stolen funds.

The accounts were created last week and deleted within hours of launch, with no confirmed victims so far, according to OX Security.

Decrypt has reached out to Peter Steinberger for comment.

OpenClaw's crypto magnet problem

OpenClaw, a self-hosted AI agent framework that lets users run persistent bots connected to messaging apps, email, calendars, and shell commands, hit 323,000 GitHub stars following its acquisition by OpenAI last month.

That visibility quickly attracted bad actors, with OpenClaw creator Peter Steinberger saying crypto spam flooded OpenClaw’s Discord about “every half hour,” forcing bans and ultimately a broad ban after what he described to Decrypt as “nonstop coin promotion.”

Unlike chat-based AI tools, OpenClaw agents persist, wake on a schedule, store memory locally, and execute multi-step tasks autonomously.

OX Security recommends blocking token-claw[.]xyz and watery-compost[.]today across all environments, avoiding connecting crypto wallets to newly surfaced or unverified sites, and treating any GitHub content promoting token giveaways or airdrops as suspicious, particularly from unknown accounts.
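The indicators the article quotes from the report (the two defanged domains, the "eleven.js" filename, the PromptTx/Approved/Declined command names and the attacker wallet address) are enough to build a simple retrospective check over web-proxy logs. The script below is an added example written for this page, not code from OX Security or Decrypt. It assumes a made-up proxy log layout (`<timestamp> <client> <METHOD> <url> <status>`), and its check for command names in URL query values is an assumption, since the report does not say how the commands are transmitted; the sample log lines are constructed.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse, parse_qsl

# Indicators quoted in the article from the OX Security report.
DEFANGED_DOMAINS = ["token-claw[.]xyz", "watery-compost[.]today"]
MALWARE_FILENAME = "eleven.js"
C2_COMMANDS = {"PromptTx", "Approved", "Declined"}
ATTACKER_WALLET = "0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5"


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("token-claw[.]xyz") back into a matchable one."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


BLOCKED_DOMAINS = {refang(d).lower() for d in DEFANGED_DOMAINS}


def host_matches(host: str, blocked: set) -> bool:
    """True if host is a blocked domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in blocked)


@dataclass
class Finding:
    line_no: int
    host: str
    reasons: list = field(default_factory=list)


# Assumed proxy log layout (not from the report): "<ts> <client> <METHOD> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_url(url: str) -> list:
    """Return the list of indicator matches for one URL (empty if clean)."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    reasons = []
    if host_matches(host, BLOCKED_DOMAINS):
        reasons.append("blocked phishing domain")
    if parsed.path.rsplit("/", 1)[-1] == MALWARE_FILENAME:
        reasons.append("known wallet-drainer filename")
    # The report names the commands but not how they travel; checking query
    # values is an assumption made for this example, so treat it as a weak signal.
    if any(value in C2_COMMANDS for _, value in parse_qsl(parsed.query)):
        reasons.append("C2 command name in query")
    if ATTACKER_WALLET.lower() in url.lower():
        reasons.append("attacker wallet address in URL")
    return reasons


def scan_proxy_log(lines) -> list:
    """Scan log lines and return one Finding per line that hits any indicator."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # skip malformed lines rather than fail the whole scan
        url = match.group("url")
        reasons = classify_url(url)
        if reasons:
            findings.append(Finding(line_no, urlparse(url).hostname or "", reasons))
    return findings


# Constructed sample log: fake timestamps and RFC 1918 clients, with the
# article's domains, filename and wallet address placed in otherwise normal traffic.
SAMPLE_LOG = """
2026-03-04T10:01:02Z 10.0.0.12 GET https://openclaw.ai/ 200
2026-03-04T10:02:15Z 10.0.0.12 GET https://token-claw.xyz/claim 200
2026-03-04T10:02:16Z 10.0.0.12 GET https://cdn.token-claw.xyz/static/eleven.js 200
2026-03-04T10:02:40Z 10.0.0.12 POST https://watery-compost.today/api?cmd=PromptTx&addr=0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5 200
2026-03-04T10:05:00Z 10.0.0.33 GET https://github.com/openclaw/openclaw 200
2026-03-04T10:06:30Z 10.0.0.33 GET https://openclaw-claim.example/wallet.js?cmd=Approved 200
""".strip().splitlines()


if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.host}: {', '.join(f.reasons)}")
```

Domain matching covers subdomains, so a loader served from a CDN-style host under a blocked domain is still caught, while a host that merely contains the blocked string as a prefix is not. A hit on the command-name check alone (the last sample line) is worth a look rather than an automatic block, since those are ordinary words.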

Users who recently connected a wallet should revoke approvals immediately, the platform warned.

Editor's note: Adds comment from OX Security's Bustan
