Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
09 March 2026
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.
The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for