Malicious npm Package Impersonates OpenClaw Installer to Deploy RAT

Cybersecurity researchers identified a malicious npm package named "@openclaw-ai/openclawai" that impersonates an OpenClaw installer to deploy a remote access trojan (RAT) and exfiltrate sensitive data from compromised systems. The package was uploaded to the npm registry on March 3, 2026, by a user account "openclaw-ai" and has been downloaded 178 times. The threat specifically targets macOS credentials and remains available on the registry. No CVE IDs or additional technical indicators were disclosed in the report.