Threat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens. According to a disclosure by OX Security, the campaign involves fake “CLAW” token airdrops that promise thousands of dollars in rewards. Developers are being tricked into malicious GitHub repositories and discussions, and eventually redirected to convincingly cloned websites that prompt them to connect their crypto wallets. “The threat actor opens issues in attacker-controlled repositories and tags GitHub users to maximize visibility and reach,” OX researchers said in a blog post. “The linked site is an almost identical clone of open...