ACCORDING to Malwarebytes, Clawdbot was forced to rename to Moltbot in early 2026 after a trademark dispute, and opportunists soon launched an impersonation campaign around the renamed project. Within days, typosquat domains and a cloned GitHub repository appeared, aiming to impersonate the project’s creator and position the infrastructure for a potential supply-chain attack.
The impersonation infrastructure includes domains such as moltbot[.]you, clawbot[.]ai, and clawdbot[.]you, as well as a cloned repository at github[.]com/gstarwd/clawbot that uses a typosquatted variant of the former name. The site behind the impersonation falsely attributes authorship to Peter Steinberger and links to his real GitHub and X profiles, a clear identity misrepresentation, while claiming tens of thousands of stars for the clone.
The analysis notes that, while the code appears clean, the threat model points to early preparation for a supply-chain attack rather than active malware, with Malwarebytes actively blocking all known indicators of compromise associated with the impersonation infrastructure.