
Malicious npm package posing as OpenClaw installer deploys RAT, steals macOS credentials

Peter Chofield

Researchers have identified a malicious npm package named @openclaw-ai/openclawai that masquerades as an OpenClaw installer to deploy a remote access trojan and steal sensitive data from compromised hosts. The package was uploaded to the npm registry by a user named openclaw-ai on March 3, 2026, and had been downloaded 178 times at the time of disclosure.

According to the report, the package targeted macOS systems and was designed to steal credentials in addition to deploying a RAT. The researchers said the library remained available on the npm registry when their findings were published, increasing the risk that developers looking for OpenClaw-related software could install it.

The package impersonated an installer for OpenClaw, a project Cyberwarzone has previously covered in the ClawJacked OpenClaw security flaw article. The case also fits a broader pattern of software ecosystem abuse seen in earlier incidents such as the Shai-Hulud npm supply-chain attack.

The researchers said the malicious package deployed a remote access trojan after installation and collected sensitive information from infected hosts. The campaign combined brand impersonation with malicious package delivery, using a familiar project name to increase the odds of installation by developers or users seeking OpenClaw tooling.

The report specifically described the package as an OpenClaw installer impersonator and said it stole macOS credentials from compromised devices. The combination of registry exposure, a named uploader account, and a measurable download count made the activity traceable as a targeted software supply-chain threat rather than a generic malware sample.
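A way to check whether a project's dependency tree contains the package named above, as an added example that is not code from the researchers' report. The sample lockfiles, the `example-helper` and `installer` entries, the version strings and the choice to also flag the whole `@openclaw-ai/` scope are assumptions made for illustration.

```javascript
// Added example (not from the report): scan a parsed package-lock.json for the
// package named in the article. Sample lockfiles below are constructed.
const BAD_NAME = '@openclaw-ai/openclawai'; // name reported in the article
const BAD_SCOPE = '@openclaw-ai/';          // assumption: flag the whole scope for review

function classify(name) {
  if (name === BAD_NAME) return 'exact';
  return name.startsWith(BAD_SCOPE) ? 'scope' : null;
}

// "node_modules/a/node_modules/@s/n" -> "@s/n" (lockfile v2/v3 key format)
function nameFromPath(p) {
  const i = p.lastIndexOf('node_modules/');
  return i === -1 ? '' : p.slice(i + 'node_modules/'.length);
}

function scanLockfile(lock) {
  const hits = [];
  const record = (name, version, where) => {
    const match = classify(name);
    if (match) hits.push({ name, version: version || 'unknown', where, match });
  };
  if (lock.packages) {
    // v2/v3: flat map keyed by install path; "name" is set when the folder is an alias.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path !== '') record(meta.name || nameFromPath(path), meta.version, path);
    }
    return hits; // v2 also mirrors into "dependencies"; skip it to avoid duplicates
  }
  // v1: nested "dependencies"; aliases appear as version "npm:<name>@<version>".
  const walk = (deps, trail) => {
    for (const [key, meta] of Object.entries(deps || {})) {
      const alias = /^npm:(.+)@[^@]+$/.exec(meta.version || '');
      const where = trail ? `${trail} > ${key}` : key;
      record(alias ? alias[1] : key, meta.version, where);
      walk(meta.dependencies, where);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/example-helper': { version: '2.1.0' },
  'node_modules/example-helper/node_modules/@openclaw-ai/openclawai': { version: '0.0.0-sample' } } };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'example-helper': { version: '2.1.0', dependencies: {
    '@openclaw-ai/openclawai': { version: '0.0.0-sample' } } },
  installer: { version: 'npm:@openclaw-ai/openclawai@0.0.0-sample' } } };

console.log(scanLockfile(SAMPLE_V3), scanLockfile(SAMPLE_V1));
```

To scan a real project, pass `scanLockfile` the result of `JSON.parse` on the contents of its `package-lock.json`; a hit in a lockfile only shows the package was resolved, so an affected host still needs its own investigation.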