Malware Spreads via Bing AI Search Results through Fake OpenClaw Installer


Cybercriminals Leverage Bing AI Search Results to Spread OpenClaw Malware

Cybersecurity researchers have uncovered a malicious campaign that manipulated Bing’s AI-powered search suggestions to distribute a fake installer for the OpenClaw AI agent, leading to the spread of malware.

The Scam

The scam relied on the credibility of GitHub, a trusted platform for open-source projects, and the legitimacy provided by Bing’s AI search results.

The malicious repository, which was active on GitHub between February 2 and February 10, appeared to be a legitimate source for the OpenClaw installer. However, it contained a hidden executable file, OpenClaw_x64.exe, stored inside a compressed 7-Zip archive. When executed, the file deployed multiple malicious components, including the Vidar Stealer malware, designed to extract sensitive information from infected devices.

Malware Components

  • Vidar Stealer can steal credentials and account data from services such as Telegram and Steam, as well as other stored information.
  • The installer delivered the GhostSocks proxy malware, which converts infected computers into residential proxy nodes.
  • These compromised systems can be used by cybercriminals to route malicious traffic, hide their real locations, and access stolen accounts without triggering fraud detection systems.

Stealth Packer

The attackers employed a previously unseen tool, Stealth Packer, to conceal the malware and evade detection. This tool performs various stealth operations, including creating hidden scheduled tasks, modifying firewall rules, and detecting whether the malware is running inside a virtual machine before activating the payload.
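The sequence described above, an installer run from a download location followed by a scheduled-task creation and a firewall rule change, can be hunted for in Windows Security event logs. The following is an added example, not code from the researchers or the original article; the normalized record layout, the list of user-writable paths and the 10-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Windows Security log event IDs: 4688 = process created, 4698 = scheduled
# task created, 4946/4947 = Windows Firewall rule added/modified.
PROC, TASK, FW = 4688, 4698, {4946, 4947}
# Assumption: executables started from these user-writable paths are of interest.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")
WINDOW = timedelta(minutes=10)  # assumed correlation window

def find_suspect_installers(events):
    """Alert on an executable started from a user-writable path that is followed on
    the same host, within WINDOW, by a scheduled-task creation AND a firewall change."""
    events = sorted(events, key=lambda e: e["time"])
    alerts = []
    for i, ev in enumerate(events):
        if ev["event_id"] != PROC or not any(p in ev["image"].lower() for p in USER_WRITABLE):
            continue
        seen = set()
        for later in events[i + 1:]:
            if later["time"] - ev["time"] > WINDOW:
                break  # events are time-sorted, nothing later can match
            if later["host"] != ev["host"]:
                continue
            if later["event_id"] == TASK:
                seen.add("scheduled_task")
            elif later["event_id"] in FW:
                seen.add("firewall_rule")
        if seen == {"scheduled_task", "firewall_rule"}:
            alerts.append({"host": ev["host"], "image": ev["image"], "time": ev["time"]})
    return alerts

def _ev(host, ts, event_id, image=""):
    return {"host": host, "time": datetime.fromisoformat(ts), "event_id": event_id, "image": image}

# Constructed sample records; hosts, paths and times are invented for the example.
SAMPLE = [
    _ev("ws-01", "2025-01-01T10:00:00", 4688, r"C:\Users\a\Downloads\OpenClaw\OpenClaw_x64.exe"),
    _ev("ws-01", "2025-01-01T10:01:10", 4698),
    _ev("ws-01", "2025-01-01T10:01:40", 4946),
    _ev("ws-02", "2025-01-01T10:00:30", 4688, r"C:\Program Files\Vendor\updater.exe"),
    _ev("ws-02", "2025-01-01T10:02:00", 4698),
    _ev("ws-02", "2025-01-01T10:02:05", 4947),
    _ev("ws-03", "2025-01-01T11:00:00", 4688, r"C:\Users\b\AppData\Local\Temp\setup.exe"),
    _ev("ws-03", "2025-01-01T11:01:00", 4698),
    _ev("ws-03", "2025-01-01T11:40:00", 4946),  # outside the window, so no alert
]
if __name__ == "__main__":
    for alert in find_suspect_installers(SAMPLE):
        print(alert)
```

These event IDs are only logged when the corresponding Windows audit policies are enabled, and legitimate installers can produce the same sequence, so matches are triage leads rather than verdicts.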

Incident Response

After the incident was reported, GitHub removed the malicious repository and associated accounts. However, researchers warned that similar accounts and organizations may have been created to distribute comparable malware, suggesting a larger campaign.

Conclusion

The incident highlights the speed at which attackers exploit trending technologies to target users. As AI tools gain popularity, fake installers and malicious repositories can pose significant threats. To mitigate these risks, users should exercise caution when searching for software online, verify the authenticity of download sources, and keep their systems and software up to date.

Researchers emphasize the importance of vigilance in the face of emerging AI technologies, which can be leveraged by attackers to spread malware and compromise user systems. By taking necessary precautions, users can significantly reduce the risk of malware infections and protect themselves from sophisticated cyber threats.


