Threat researchers at Huntress uncovered a campaign in which bad actors created fake GitHub repositories impersonating OpenClaw, a popular self-hosted AI personal assistant, to distribute malicious installers. The fraudulent installers used a packer called 'Steal Packer' to deploy infostealers and GhostSocks proxy malware on Windows, and Atomic macOS Stealer (AMOS) on macOS. The malicious repository gained credibility by appearing as a top result in Bing AI searches and by being hosted under a convincing GitHub organization name. GitHub removed the repositories after Huntress reported them, but researchers found three additional similar malicious accounts continuing the campaign. The incident highlights the risk of trusting software solely because it is hosted on a reputable platform.

From securityboulevard.com (5 min read)