
Devs looking for OpenClaw get served a GhostClaw RAT
A malicious npm package posing as an OpenClaw installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research. The package, published under the name “@openclaw-ai/openclawai”, pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser data, cryptocurrency wallets, SSH keys, and Apple Keychain databases before establishing persistence. “The attack is notable for its broad data collection, its use of social engineering to harvest the victim’s system password, and the sophistication of its persistence and C2 infrastructure,” JFrog researchers said in a blo...