Full Report
Think before you download

OpenClaw, the AI agent that can manage just about anything, is risky all by itself, but now fake installers for it are wreaking havoc. Users who searched Bing’s AI results for “OpenClaw Windows” were directed to a malicious GitHub repository that delivered information stealers and GhostSocks onto their machines.…
Analysis Summary
# Tool/Technique: Malicious OpenClaw Installer Campaign
## Overview
This attack involves the distribution of malware via fake GitHub repositories masquerading as legitimate installers for "OpenClaw," an AI agent framework. The campaign leverages SEO/Search Engine Poisoning—specifically targeting Bing AI search results—to direct users to a malicious GitHub organization (`openclaw-installer`). The primary goal is the deployment of information stealers and proxy malware to compromise user credentials and enroll machines into a residential proxy network.
## Technical Details
- **Type:** Malware Campaign / Search Engine Poisoning / Trojanized Installer
- **Platform:** Windows (x64)
- **Capabilities:** Credential theft (Telegram, Steam), residential proxy enrollment, anti-VM evasion, in-memory execution.
- **First Seen:** February 2, 2026 (Campaign active through February 10, 2026).
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
  - [T1584.005 - Compromise Infrastructure: Botnet]
  - [T1189 - Drive-by Compromise (via Search Engine Poisoning)]
- **[TA0002 - Execution]**
  - [T1204.002 - User Execution: Malicious File]
  - [T1053.005 - Scheduled Task/Job: Scheduled Task]
- **[TA0005 - Defense Evasion]**
  - [T1027.002 - Obfuscated Files or Information: Software Packing]
  - [T1497 - Virtualization/Sandbox Evasion]
  - [T1620 - Reflective Code Loading]
- **[TA0006 - Credential Access]**
  - [T1555 - Credentials from Password Stores]
- **[TA0011 - Command and Control]**
  - [T1090.002 - Proxy: External Proxy (GhostSocks functionality)]
## Functionality
### Core Capabilities
- **Information Stealing:** Utilizes the **Vidar** stealer (via `cloudvideo.exe`) to harvest session data and credentials from applications like Telegram and Steam.
- **Proxy Services:** Deploys **GhostSocks** (`serverdrive.exe`), which converts the victim's machine into a residential proxy node for routing malicious traffic.
- **Dynamic C2 Retrieval:** Vidar variants used in this campaign retrieve Command and Control infrastructure details dynamically to bypass static IP blocking.
### Advanced Features
- **Stealth Packer:** A previously unseen custom packer that utilizes debugging messages to coordinate malware invocation.
- **In-Memory Execution:** Employs Rust-based loaders designed to execute decrypted payloads directly in memory to evade traditional disk-based AV scanning.
- **Anti-Analysis:** Includes checks for mouse movement and VM environment markers before executing the final payload.
- **Persistence:** Creates "hidden ghost scheduled tasks" to ensure the malware persists across reboots.
## Indicators of Compromise
- **File Names:**
  - `OpenClaw_x64.exe` (Trojanized installer)
  - `cloudvideo.exe` (Vidar stealer)
  - `serverdrive.exe` (GhostSocks proxy)
- **Network Indicators:**
  - `openclaw-installer[.]github[.]com` (Malicious GitHub Organization)
  - `molt-bot[.]github[.]com` (Associated malicious organization)
  - TLS-encrypted C2 traffic associated with GhostSocks.
- **Behavioral Indicators:**
  - Unexpected creation of Windows Scheduled Tasks.
  - Outbound TLS connections to non-standard proxy endpoints.
  - Modification of Windows Firewall rules by the "Stealth Packer" component.
## Associated Threat Actors
- **Unidentified:** The threat actor(s) specialize in capitalizing on emerging AI trends (OpenClaw) and rely on GitHub's reputation to keep their malicious repositories trusted and available.
## Detection Methods
- **Signature-based:** Detect known Vidar and GhostSocks binaries via SHA256 hashes.
- **Behavioral detection:**
  - Monitoring for processes checking for rapid mouse movement (Anti-VM).
  - Monitoring for 7-zip archives that spawn Rust-based child processes reaching out to the network.
  - Detection of "Ghost" scheduled tasks created via CLI or non-standard APIs.
## Mitigation Strategies
- **Software Sourcing:** Only download OpenClaw or AI tools from the official, verified GitHub project page; avoid links provided by AI search summaries.
- **Isolation:** Run experimental AI agents and third-party binaries in isolated virtual machines or "sandbox" environments.
- **Privilege Management:** Avoid running AI agents with administrative or privileged service accounts.
- **Network Filtering:** Block outbound traffic to known residential proxy nodes and unauthorized C2 domains.
## Related Tools/Techniques
- **Vidar Stealer:** A common infostealer forked from Arkei.
- **GhostSocks:** A SOCKS5 residential proxy bot.
- **Moltworker:** The legitimate Cloudflare project code used as a "wrapper" for the fake installer.