OpenClaw Data Breach: Infostealer Malware Exfiltrates Sensitive Files
Infostealer Breach Exposes Sensitive OpenClaw Configuration Files
A recent cybersecurity incident has highlighted the growing threat of malware targeting artificial intelligence (AI) agents. Researchers at Hudson Rock have discovered that an infostealer malware has exfiltrated sensitive configuration files from OpenClaw, a popular open-source AI agent. This breach marks a significant shift in the tactics, techniques, and procedures (TTPs) of malware authors, who are now targeting AI agents in addition to traditional credential theft.
Compromised Files and Potential Risks
OpenClaw AI agents have gained widespread adoption as personal and professional assistants, with extensive access to users’ systems and services. The compromised files, including openclaw.json, device.json, and soul.md, contain sensitive information that could allow attackers to remotely connect to the victim’s local OpenClaw instance, sign messages on behalf of the victim’s device, and gain insight into the victim’s personal or professional life.
The openclaw.json file, described as the OpenClaw agent’s “central nervous system,” contains the victim’s address, OpenClaw workspace path, and a gateway token that could be used to connect to the local OpenClaw instance if port 18789 is exposed. The device.json file contains public and private keys used for secure pairing and signing operations, which could be exploited by attackers to bypass “Safe Device” checks and access paired cloud services.
The “soul.md” and memory files offer a detailed view of the OpenClaw agent’s internal instructions, context, and knowledge about the user, including sensitive personal or professional information, private messages, and calendar data. By combining this information with the extracted tokens and cryptographic secrets, an attacker could potentially orchestrate a total compromise of the user’s digital identity.
Incident Response and Future Risks
This incident is one of the first publicly reported cases of malware exfiltrating sensitive OpenClaw files. The breach highlights the growing need for specialized security measures to protect AI agents and their associated data. As AI agents become increasingly integrated into professional workflows, the incentive for malware authors to develop targeted “AI-stealer” modules will only grow.
In response to previous security incidents, OpenClaw has partnered with VirusTotal to scan its ClawHub marketplace for malicious skills. However, this latest breach underscores the need for continued vigilance and collaboration between AI developers, security researchers, and users to mitigate the risks associated with AI-powered systems.
About Author
English