GLOBAL SITUATIONMONITORING

482 published briefsUTCSun, Apr 5 17:04:14

Intelligence Tag

npm

npm ecosystem tag

2 intelligence briefs← Intelligence Hub

Malicious npm package posing as OpenClaw installer deploys RAT, steals macOS credentials

Researchers say a malicious npm package named @openclaw-ai/openclawai masqueraded as an OpenClaw installer, deployed a remote access trojan, and stole sensitive data from macOS systems after being uploaded by a user named openclaw-ai on March 3, 2026.

Peter Chofield

Mar 16, 2026

1–2 minutes
PhantomRaven Malware Found in 126 npm Packages, Stealing GitHub Tokens

PhantomRaven exploits npm packages to steal GitHub tokens and CI/CD secrets, Koi Security says.

Reza Rafati

Nov 15, 2025

1–2 minutes