MAL-2026-1321 Malicious code in @openclaw-ai/openclawai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f93eed751f0a289cca2167f2999e3757984b82f1dc815e9a68dd05b5a95b23d The package @openclaw-ai/openclawai was found to contain malicious code. Source: ghsa-malware...

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan RAT and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai...