A technical analysis by JFrog reported that a malicious npm package masquerading as an OpenClaw installer deploys a remote access trojan and steals system credentials and other sensitive data. The package was uploaded to the registry on March 3, 2026, has been downloaded 178 times, and remains available on its npm package page.
KEY FACTS
- Package: @openclaw-ai/openclawai, uploaded March 3, 2026
- Downloads: 178, as reported in the registry listing
- Payload: a postinstall hook drops a RAT and a broad information stealer
- Exfiltration: data is sent to a command and control server, the Telegram Bot API, and GoFile.io
The package uses a postinstall hook that re-installs itself globally and sets an executable via the package.json bin field so the tool appears as a command line program.
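Because the installer abuse described here relies on two ordinary package.json features, an npm lifecycle script and a bin entry, a defender can surface both before trusting a package. The following audit script is an added example written for this article; it is not JFrog's tooling and contains nothing from the malicious package. The sample manifest at the bottom is constructed for illustration, and the package name, script name and paths in it are placeholders rather than values from the report.

```python
"""Audit a package.json, or every package.json under a node_modules tree,
for npm lifecycle scripts and bin entries that run or expose code at
install time.

Added example for this article; not JFrog's tooling and not code from the
package it describes. The sample manifest below is constructed.
"""
import json
import os
import re
from typing import Dict, List

# Lifecycle scripts that npm runs automatically during install/uninstall.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare",
             "preuninstall", "postuninstall")

# Heuristics for a hook body doing more than compiling a native addon.
# Patterns are deliberately broad; treat matches as prompts for review.
SUSPICIOUS = {
    "re-installs itself globally": re.compile(r"npm\s+(?:i|install)\b.*\s(-g|--global)\b"),
    "fetches remote content": re.compile(r"\b(curl|wget)\b|https?://"),
    "runs a bundled node script": re.compile(r"\bnode\s+\S+\.js\b"),
}


def audit_manifest(manifest: Dict) -> List[str]:
    """Return human-readable findings for one parsed package.json."""
    findings: List[str] = []
    name = manifest.get("name", "<unnamed>")
    scripts = manifest.get("scripts", {}) or {}

    for hook in LIFECYCLE:
        body = scripts.get(hook)
        if not body:
            continue
        findings.append(f"{name}: lifecycle hook '{hook}' runs: {body}")
        for why, pattern in SUSPICIOUS.items():
            if pattern.search(body):
                findings.append(f"{name}: '{hook}' {why}")

    # A bin field puts an executable on PATH under the given command name.
    bin_field = manifest.get("bin")
    if isinstance(bin_field, str):
        findings.append(f"{name}: installs command '{name}' -> {bin_field}")
    elif isinstance(bin_field, dict):
        for cmd, path in bin_field.items():
            findings.append(f"{name}: installs command '{cmd}' -> {path}")
    return findings


def audit_tree(root: str) -> List[str]:
    """Walk a directory (e.g. node_modules or an unpacked tarball) and audit
    every package.json found."""
    findings: List[str] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        with open(path, encoding="utf-8") as fh:
            try:
                findings.extend(audit_manifest(json.load(fh)))
            except json.JSONDecodeError:
                findings.append(f"{path}: unparsable package.json")
    return findings


# Constructed sample manifest (placeholder names, not from the report).
SAMPLE_MANIFEST = {
    "name": "example-cli",
    "version": "1.0.0",
    "scripts": {"postinstall": "npm install -g example-cli && node setup.js"},
    "bin": {"example-cli": "./bin/cli.js"},
}

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE_MANIFEST):
        print(line)
```

To inspect a package without executing anything, fetch the tarball with `npm pack <package>`, extract it, and point `audit_tree()` at the extracted directory. Installing with `npm install --ignore-scripts` (or setting `npm config set ignore-scripts true`) stops npm from running lifecycle hooks at all, which would have blocked the postinstall step described above, at the cost of breaking packages that legitimately build native code at install time.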
The embedded setup script displays a fake installer interface with animated progress and a bogus iCloud Keychain prompt that asks for the system password. The script retrieves an encrypted second-stage JavaScript payload from a remote host trackpipe.dev, decodes it, writes it to a temporary file, spawns it as a detached process, and deletes the temporary file after 60 seconds.
The second-stage payload is a large JavaScript information stealer and RAT that targets macOS Keychain entries, cookies and credentials from Chromium browsers, cryptocurrency wallets and seed phrases, SSH keys, and developer cloud credentials. The package also attempts to access data protected by Full Disk Access such as Apple Notes, iMessage history, Safari history, and Mail.
The malware compresses collected data into a tar.gz archive for exfiltration, runs as a persistent daemon that scans the clipboard every three seconds for private key patterns, provides a SOCKS5 proxy, executes remote commands, and can clone a browser profile into a headless Chromium session to reuse authenticated sessions.
WHY IT MATTERS
The package combines social engineering, encrypted payload delivery, and comprehensive data theft in a single npm library. Users who install unfamiliar packages globally on macOS risk exposure of credentials, wallets, and other sensitive data.