"Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [artificial intelligence] agents," Hudson Rock said. Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details."
"That said, the cybersecurity company said the data capture was not facilitated by a custom OpenClaw module within the stealer malware, but rather through a "broad file-grabbing routine" that's designed to look for certain file extensions and specific directory names containing sensitive data. This included the following files - openclaw.json, which contains details related to the OpenClaw gateway token, along with the victim's redacted email address and workspace path. device.json, which contains cryptographic keys for secure pairing and signing operations within the OpenClaw ecosystem. soul.md, which contains details of the agent's core operational principles, behavioral guidelines, and ethical boundaries."
A case was detected of an information stealer exfiltrating a victim's OpenClaw configuration environment, including gateway tokens, device keys, and agent instruction files. The stealer appears to be a variant of Vidar, an off-the-shelf information stealer active since 2018. The data capture occurred via a broad file-grabbing routine that searches file extensions and specific directory names rather than a custom OpenClaw module. Exfiltrated files included openclaw.json with the gateway token and redacted email, device.json with cryptographic keys, and soul.md containing agent principles and behavioral guidelines. Theft of the gateway token can permit remote connection or request impersonation if the port is exposed, and attackers are likely to increasingly target AI agent configurations.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]