Infostealer Malware Discovered Stealing OpenClaw Secrets for the First Time

Post Views: 7

Cybercriminals Target OpenClaw AI Assistant with Information-Stealing Malware

Cybercriminals have begun targeting the OpenClaw agentic AI assistant, a popular tool used to manage everyday tasks, with information-stealing malware.

The Malware Attack

The malware, identified as a variant of the Vidar infostealer, has been spotted stealing sensitive files associated with OpenClaw, including API keys, authentication tokens, and other secrets.

The attack, documented by Hudson Rock, occurred on February 13, 2026, and involved the theft of several files from the “.openclaw” configuration directory.

The stolen files included openclaw.json, device.json, soul.md, and memory files, which contained sensitive information such as gateway authentication tokens, public and private keys, and contextual data.

According to Hudson Rock, the stolen data could potentially enable a full compromise of the victim’s digital identity.

The Risks of AI Assistants

The attack highlights the risks associated with the use of AI assistants, which often handle sensitive data and have relatively lax security postures.

Hudson Rock had predicted this development, calling OpenClaw “the new primary target for infostealers” due to the highly sensitive data it handles.

The Malware’s Capabilities

The Vidar infostealer variant used in the attack does not specifically target OpenClaw, but instead executes a broad file-stealing routine that scans for sensitive files and directories containing keywords like “token” and “private key.”

The malware’s ability to steal sensitive files from OpenClaw is a significant development in the evolution of infostealer behavior.

Related Development

In a related development, Tenable discovered a max-severity flaw in nanobot, an ultra-lightweight personal AI assistant inspired by OpenClaw.

The flaw, tracked under CVE-2026-2577, could potentially allow remote attackers to hijack sessions via exposed instances.

The team behind the project released fixes for the flaw in version 0.13.post7.

Conclusion

The increasing popularity of AI assistants like OpenClaw and nanobot has created new attack surfaces for cybercriminals.

As these tools become more integrated into professional workflows, it is essential to prioritize their security and implement robust measures to prevent information theft and other malicious activities.