Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
Essential information
- Published
- 05/05/2026 20:45
- Modified
- 06/05/2026 10:10
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- deepseek-claw ghostloader openclaw remcos
- Tags
- 2026-05-05 deepseek-claw ghostloader openclaw remcos
- Related entities
- 7 indicators, 7 observables, 16 techniques (mitre), 2 malware, 3 others
Description
In March 2026, threat actors weaponized the OpenClaw AI agent framework by publishing a deceptive "DeepSeek-Claw" skill. This skill embedded malicious installation instructions designed to trick AI agents and developers into executing hidden payloads. On Windows systems, a PowerShell command downloads an MSI package containing a legitimate signed GoToMeeting executable that sideloads a malicious DLL. This loader patches ETW and AMSI for evasion, then decrypts and executes Remcos RAT using TEA encryption, enabling remote access and data theft including keylogging and cookie stealing. An alternate execution path for macOS and Linux delivers GhostLoader through obfuscated Node.js scripts, harvesting credentials via fake sudo prompts and exfiltrating SSH keys, cryptocurrency wallets, and cloud API tokens. This campaign represents an emerging threat vector exploiting autonomous AI workflows and developer trust in open-source frameworks.