
"Security researchers have discovered a live infection in which an infostealer has stolen the configuration files of an OpenClaw AI agent. The attack was carried out through a broad file-theft routine that automatically searched for sensitive file extensions and specific folder names, including .openclaw. The malware was not specifically designed for OpenClaw; it arose by chance from capturing the operational context of the victim's AI assistant. What makes the attack particularly serious is the combination of stolen data."
"With the privateKeyPem, an attacker can sign messages as the victim's device and potentially bypass "Safe Device" checks. But most disturbing is the theft of soul.md and the memory files AGENTS.md and MEMORY.md. These files contain the AI agent's personality and behavioral instructions, along with daily activity logs, private messages, and calendar items belonging to the user. The stolen soul.md file states that the agent should "be bold with internal actions" such as reading, organizing, and learning."
In a live infection, an infostealer harvested OpenClaw AI agent configuration and memory files by scanning for sensitive file extensions and folder names such as .openclaw. The attacker obtained openclaw.json, which holds the user's email and a high-entropy Gateway Token that could allow remote connection to a local OpenClaw instance if ports are exposed. The device.json file, which holds public and private cryptographic keys, was also stolen; with privateKeyPem an attacker can sign messages and potentially bypass Safe Device checks. The agent's soul.md, AGENTS.md, and MEMORY.md, which contain personality, behavioral instructions, logs, private messages, and calendar items, were exfiltrated as well. Infostealer developers may develop specialized modules to decrypt agent files as AI agents integrate into workflows.
Read at Techzine Global
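
A detection sketch for the broad file-theft pattern summarized above, added here as an example and not taken from the report or from OpenClaw: it flags any process outside an allow-list that reads several of the named agent files within a short window. The event tuple format, the process names, the allow-list, the threshold and window, and the assumption that all five files sit under the .openclaw folder are illustrative.

```python
from collections import defaultdict

# File and folder names come from the report. The event format, process names,
# allow-list, threshold and window are assumptions made for this example.
AGENT_DIR = ".openclaw"
SENSITIVE = {"openclaw.json", "device.json", "soul.md", "AGENTS.md", "MEMORY.md"}
ALLOWED_PROCESSES = {"openclaw"}  # hypothetical name of the agent's own process
THRESHOLD = 2                     # distinct agent files read by one process

# Constructed file-read events: (epoch seconds, pid, process name, path)
SAMPLE_EVENTS = [
    (1000, 410, "openclaw", "/home/u/.openclaw/openclaw.json"),
    (1001, 410, "openclaw", "/home/u/.openclaw/MEMORY.md"),
    (1050, 977, "invoice_viewer", "/home/u/Documents/notes.txt"),
    (1050, 977, "invoice_viewer", "/home/u/.openclaw/openclaw.json"),
    (1051, 977, "invoice_viewer", "/home/u/.openclaw/device.json"),
    (1051, 977, "invoice_viewer", "/home/u/.openclaw/soul.md"),
    (1052, 977, "invoice_viewer", "/home/u/.openclaw/MEMORY.md"),
    (2000, 533, "editor", "/home/u/.openclaw/soul.md"),
    (5000, 533, "editor", "/home/u/.openclaw/MEMORY.md"),
]

def agent_file(path):
    """Return the file name if path is a sensitive file under .openclaw, else None."""
    parts = path.replace("\\", "/").split("/")
    if AGENT_DIR in parts[:-1] and parts[-1] in SENSITIVE:
        return parts[-1]
    return None

def find_bulk_readers(events, window=60):
    """Map (pid, name) -> agent files read by non-allow-listed bulk readers."""
    reads = defaultdict(list)
    for ts, pid, name, path in events:
        fname = agent_file(path)
        if fname and name not in ALLOWED_PROCESSES:
            reads[(pid, name)].append((ts, fname))
    alerts = {}
    for proc, hits in reads.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct agent files read within `window` seconds of this read.
            seen = {f for ts, f in hits[i:] if ts - start <= window}
            if len(seen) >= THRESHOLD:
                alerts[proc] = sorted(seen)
                break
    return alerts

if __name__ == "__main__":
    for (pid, name), files in find_bulk_readers(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} process={name} read {files}")
```

A process name can be spoofed, so a production rule would match the allow-list on signed binary path or hash rather than on name.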