OpenClaw AI Skills Weaponized to Mass‑Distribute Malware

Threat actors have begun publishing malicious OpenClaw AI “skills” that masquerade as legitimate voice‑assistant applications. VirusTotal analyses of dozens of newly submitted samples show the skills automatically retrieve additional payloads from remote servers and execute them on the host system, effectively turning a benign‑looking AI extension into a dropper for ransomware, info‑stealers, and other malware families.

The automation eliminates the need for user interaction, allowing attackers to scale infections across any environment where OpenClaw AI skills are installed. Defenders should prioritize monitoring for unauthorized OpenClaw skill installations, enforce strict network egress controls to block unknown download endpoints, and integrate threat‑intelligence feeds that flag these malicious skill hashes. Early detection and blocking of the skill payloads can prevent large‑scale compromise and limit the attack surface introduced by third‑party AI extensions.
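One way to act on the skill-installation monitoring and hash-flagging recommendations above, as an added example that is not from the original article or from OpenClaw itself: an audit that fingerprints each installed skill and compares it against an approved allowlist and a threat-intelligence hash set. The one-directory-per-skill layout, the `manifest.txt` file name, the skill names, and all hashes are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def skill_digest(skill_dir: Path) -> str:
    """SHA-256 over every file's relative path and contents, in sorted order."""
    h = hashlib.sha256()
    for f in sorted(p for p in skill_dir.rglob("*") if p.is_file()):
        h.update(f.relative_to(skill_dir).as_posix().encode() + b"\0")
        h.update(hashlib.sha256(f.read_bytes()).digest())
    return h.hexdigest()

def audit_skills(root: Path, approved: dict, flagged: set) -> dict:
    """Classify each installed skill as flagged, unapproved, modified, or ok."""
    verdicts = {}
    for skill in sorted(d for d in root.iterdir() if d.is_dir()):
        digest = skill_digest(skill)
        if digest in flagged:
            verdicts[skill.name] = "flagged"      # matches a threat-intel hash
        elif skill.name not in approved:
            verdicts[skill.name] = "unapproved"   # installed outside change control
        elif approved[skill.name] != digest:
            verdicts[skill.name] = "modified"     # drifted from the approved copy
        else:
            verdicts[skill.name] = "ok"
    return verdicts

def demo() -> dict:
    """Build a constructed skills tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {  # constructed sample content, not real skills
            "calendar": "summarize my calendar\n",
            "notes": "take a note\n",
            "voice-helper": "constructed stand-in for a flagged skill\n",
            "weather": "report the weather\n",
        }
        for name, body in samples.items():
            (root / name).mkdir()
            (root / name / "manifest.txt").write_text(body)
        approved = {n: skill_digest(root / n) for n in ("calendar", "notes")}
        flagged = {skill_digest(root / "voice-helper")}
        # Simulate post-approval tampering with an approved skill.
        (root / "notes" / "manifest.txt").write_text("take a note\nextra step\n")
        return audit_skills(root, approved, flagged)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```

Hashing the relative path together with the contents means a renamed or added file changes the skill's fingerprint, so an approved skill that gains an extra script after review shows up as `modified` rather than `ok`.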

Categories: AI Security & Threats, Malware & Ransomware, Threat Intelligence
