Devs looking for OpenClaw get served a GhostClaw RAT
A malicious npm package named "@openclaw-ai/openclawai" impersonates the legitimate OpenClaw CLI installer to deploy a multi-stage attack dubbed GhostClaw. During installation, a postinstall script drops an obfuscated first-stage loader that displays a fake installer UI while fetching a second-stage payload. The malware socially engineers victims into entering their system password (allowing up to 5 attempts), then silently harvests browser credentials, SSH keys, cryptocurrency wallets, Apple Keychain data, and iMessage history. It establishes persistence via hidden directories disguised as npm telemetry services and shell hooks. A built-in RAT component enables SOCKS5 proxy tunneling and real-time browser session cloning. JFrog researchers advise treating any npm package that requests system credentials, runs postinstall scripts, or downloads external payloads as suspicious.