Over 400 Malicious OpenClaw Packages Distributed via ClawHub and GitHub Using MoltBot AI Skills
Artificial_IntelligenceBreaking_NewsCyber_CrimeMalwareSecurityCybercrimeHackinghacking_newsinformation_security_newsIT_Information_SecuritymalwareMoltBotOpenClaw_packagesPierluigi_PaganiniSecurity_AffairsSecurity_News
Between late January and early February 2026, more than 400 malicious OpenClaw packages were published on ClawHub and GitHub, exploiting MoltBot capabilities to spread password-stealing malware. These packages masqueraded as cryptocurrency trading tools. The campaign abused AI skills for Claude Code and MoltBot, targeting users of these platforms. No additional technical details about the infection mechanisms or precise impacts are mentioned.