Skip to content
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloadedRead More »Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonymsRead More »UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

ClickFix Attack Uses Windows Terminal to Evade Detection

Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog. The post ClickFix Attack Uses Windows Terminal to Evade Detection appeared first on SecurityWeek.

New Attack Against Wi-Fi

It’s called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the key driverRead More »New Attack Against Wi-Fi

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named “[email protected]” (BuildMelon), are listed belowRead More »Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Copyright © 2026 infosecintel.net