March 13, 2026
By esentry Team

Fake OpenClaw npm Package Installs GhostClaw Malware

A malicious npm package has been discovered that impersonates a legitimate tool called OpenClaw Installer. Published in March 2026 under the name @openclaw-ai/openclawai, the package has been downloaded by developers, but it is designed to deliver malware rather than provide a useful utility.

What Happened?

The npm registry is widely used in JavaScript and Node.js development, making it easy for developers to install packages. In this case:

  • The package was named to appear like the official OpenClaw installer.
  • Installing it executes hidden malicious code instead of a legitimate tool.
  • The malware, known as Ghost Loader and linked to the GhostClaw campaign, installs a Remote Access Trojan (RAT) and credential-stealing functions on the affected system.


How the Attack Works

  1. Malicious Package Installation
    A developer runs npm install @openclaw-ai/openclawai, thinking it’s a legitimate installer.
  2. Silent Reinstallation and Persistence
    The package automatically reinstalls itself globally and places a hidden binary in the system PATH to remain active.
  3. Credential Theft
    The malware shows a fake password prompt. If the developer enters their password, the malware can access protected credential stores such as the macOS Keychain and saved browser data.
  4. Malware Deployment
    Once credentials are captured, the malware can:
  • Steal passwords, cookies, and browser data
  • Harvest SSH keys and cloud service credentials
  • Extract cryptocurrency wallet keys and session info
  • Install a Remote Access Trojan (RAT) for full system control
  • Monitor the clipboard for sensitive information, like private keys


Why This Matters

This attack is significant because it targets trust in the software supply chain. Developers often trust packages published to standard repositories like npm without additional verification. A single malicious package in this ecosystem can lead to:

  • Credential theft for developer tools and accounts
  • Compromise of cloud infrastructure and source code repositories
  • Long‑term remote access and lateral movement within internal networks
  • Theft of high‑value assets such as cryptocurrencies


Recommendations

1. Verify Package Authenticity

  • Always check the publisher, repository URL, and official sources before installing packages.
  • Be cautious if a package name looks like a known tool but has unusual characters or namespaces.

2. Avoid Blind Installations

  • Don’t run install commands copied from unverified forums or search results.
  • Prefer installing dependencies from locked manifests or trusted registries.

3. Enable Integrity Checks

  • Use tools like npm audit, package hashes, or signed packages.
  • Consider solutions that enforce dependency signing or attestations.

4. Rotate Credentials After Exposure

If a system has installed the malicious package:

  • Remove the package and clear local caches
  • Change exposed credentials, including SSH keys, API tokens, and cloud credentials
  • Revoke active session tokens
  • Scan for other unauthorized software or backdoors