Attackers are seeding fake OpenClaw installers on GitHub, boosted by Bing AI search results, to deliver the Vidar infostealer and GhostSocks rather than the desired AI assistant. According to researchers at Huntress, malicious GitHub repositories posing as OpenClaw Windows installers, including a repo called openclaw-installer, were added on February 2 and removed around February 10 after being reported.
OpenClaw itself is described as an open-source, self-hosted AI agent that runs locally with broad permissions to read and write files, run shell commands, and interact with chat apps, email, calendars and cloud services. The article notes that Bing results pointed victims to these GitHub repositories, and that the installers dropped Vidar directly into memory, with GhostSocks sometimes deployed as well to turn the system into a residential proxy node.
The article advises users who downloaded an OpenClaw installer from GitHub after a Bing search in early February to assume their system is compromised until proven otherwise, and provides steps to recover, including disconnecting the device, running a full system scan, and reviewing recent logins.