A cyberthreat actor used an information stealer—likely a Vidar variant—to extract sensitive configuration files from an OpenClaw AI agent environment, according to cybersecurity firm Hudson Rock. Rather than a bespoke module, the malware employed a broad file-grabbing routine to capture files including openclaw.json, device.json and “soul.md,” exposing gateway tokens, cryptographic keys and the agent’s operational parameters. The theft could enable remote access to local OpenClaw instances or impersonation of authenticated clients. The incident underscores a shift in infostealer targets from browser credentials to AI agent identities and secrets. In response to broader security concerns, OpenClaw’s maintainers partnered with VirusTotal to scan ClawHub submissions and introduced auditing measures, as researchers also detailed a campaign that hosts payloads on lookalike sites to bypass scans. Additional research flagged non-deletable AI agent accounts on Moltbook and hundreds of thousands of exposed OpenClaw instances at risk of remote code execution. The surge in OpenClaw’s popularity has drawn industry attention; OpenAI CEO Sam Altman said founder Peter Steinberger will join OpenAI as the open-source project transitions to a foundation. The findings highlight expanding supply-chain and access risks as AI agents become embedded in enterprise workflows.
Related articles:
— VirusTotal
— Supply chain attack
— Malware
— Spyware
— Data exfiltration
