Date: 05/07/2026
Severity: High
Summary
In March 2026, ThreatLabz uncovered an attack chain that targets agentic AI workflows through a malicious skill for the OpenClaw framework. The skill's installation instructions were crafted so that an autonomous AI agent following them downloads and executes a remote MSI package, installing Remcos RAT without any human clicking through a prompt; the agent performs the download and execution itself. The chain then abuses a legitimate, digitally signed GoToMeeting executable to sideload a shellcode loader, which evades signature-based detection that trusts the signed binary. The in-memory loader patches ETW and AMSI, then decrypts the final Remcos RAT payload with the TEA block cipher in CBC mode. On macOS and Linux, the same campaign deploys an obfuscated Node.js payload that installs GhostLoader to steal sensitive developer data.
Indicators of Compromise (IOC) List
Domains/URLs :
https://cloudcraftshub.com/api
http://dropras.xyz/
https://trackpipe.dev
https://github.com/Needvainverter93/deepseek-claw
https://github.com/Crestdrasnip/Claude-Zeroclaw
https://github.com/deborahikssv/Antigravity-claw
https://github.com/Rohit24567/HyperLiquid-Claw
https://github.com/helenigtxu/TradingView-Claw
https://github.com/helenigtxu/blooket
https://github.com/FinPyromancerLog/xcode-claw
https://github.com/michelleoincx/genspark.ai-openclaw
https://github.com/michelleoincx/Bunkr-Downloader-Python
https://github.com/sharonubsyq/trading-view-indicator-extension
https://github.com/Gentleatvice/seed-phrase-recover-BTC-ETH
https://github.com/lunarraveneradicate/robinhood-auto-testnet
https://github.com/GoliathSocialBoiler/kalshi-claw-skill
https://github.com/Heartflabrace/Doubao-Claw
IP Address :
146.19.24.131
Hash (MD5) :
1c267cab0a800a7b2d598bc1b112d5ce
2A5F619C966EF79F4586A433E3D5E7BA
CC1AF839A956C8E2BF8E721F5D3B7373
2C4B7C8B48E6B4E5F3E8854F2ABFEDB5
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (malicious URLs and domains) :
domainname like "https://github.com/Rohit24567/HyperLiquid-Claw" or url like "https://github.com/Rohit24567/HyperLiquid-Claw" or siteurl like "https://github.com/Rohit24567/HyperLiquid-Claw" or
domainname like "https://github.com/Heartflabrace/Doubao-Claw" or url like "https://github.com/Heartflabrace/Doubao-Claw" or siteurl like "https://github.com/Heartflabrace/Doubao-Claw" or
domainname like "https://github.com/helenigtxu/blooket" or url like "https://github.com/helenigtxu/blooket" or siteurl like "https://github.com/helenigtxu/blooket" or
domainname like "http://dropras.xyz/" or url like "http://dropras.xyz/" or siteurl like "http://dropras.xyz/" or
domainname like "https://github.com/deborahikssv/Antigravity-claw" or url like "https://github.com/deborahikssv/Antigravity-claw" or siteurl like "https://github.com/deborahikssv/Antigravity-claw" or
domainname like "https://github.com/michelleoincx/Bunkr-Downloader-Python" or url like "https://github.com/michelleoincx/Bunkr-Downloader-Python" or siteurl like "https://github.com/michelleoincx/Bunkr-Downloader-Python" or
domainname like "https://github.com/michelleoincx/genspark.ai-openclaw" or url like "https://github.com/michelleoincx/genspark.ai-openclaw" or siteurl like "https://github.com/michelleoincx/genspark.ai-openclaw" or
domainname like "https://github.com/FinPyromancerLog/xcode-claw" or url like "https://github.com/FinPyromancerLog/xcode-claw" or siteurl like "https://github.com/FinPyromancerLog/xcode-claw" or
domainname like "https://github.com/Needvainverter93/deepseek-claw" or url like "https://github.com/Needvainverter93/deepseek-claw" or siteurl like "https://github.com/Needvainverter93/deepseek-claw" or
domainname like "https://github.com/Gentleatvice/seed-phrase-recover-BTC-ETH" or url like "https://github.com/Gentleatvice/seed-phrase-recover-BTC-ETH" or siteurl like "https://github.com/Gentleatvice/seed-phrase-recover-BTC-ETH" or
domainname like "https://trackpipe.dev" or url like "https://trackpipe.dev" or siteurl like "https://trackpipe.dev" or
domainname like "https://github.com/sharonubsyq/trading-view-indicator-extension" or url like "https://github.com/sharonubsyq/trading-view-indicator-extension" or siteurl like "https://github.com/sharonubsyq/trading-view-indicator-extension" or
domainname like "https://cloudcraftshub.com/api" or url like "https://cloudcraftshub.com/api" or siteurl like "https://cloudcraftshub.com/api" or
domainname like "https://github.com/lunarraveneradicate/robinhood-auto-testnet" or url like "https://github.com/lunarraveneradicate/robinhood-auto-testnet" or siteurl like "https://github.com/lunarraveneradicate/robinhood-auto-testnet" or
domainname like "https://github.com/GoliathSocialBoiler/kalshi-claw-skill" or url like "https://github.com/GoliathSocialBoiler/kalshi-claw-skill" or siteurl like "https://github.com/GoliathSocialBoiler/kalshi-claw-skill" or
domainname like "https://github.com/helenigtxu/TradingView-Claw" or url like "https://github.com/helenigtxu/TradingView-Claw" or siteurl like "https://github.com/helenigtxu/TradingView-Claw" or
domainname like "https://github.com/Crestdrasnip/Claude-Zeroclaw" or url like "https://github.com/Crestdrasnip/Claude-Zeroclaw" or siteurl like "https://github.com/Crestdrasnip/Claude-Zeroclaw"
Detection Query 2 (C2 IP address) :
dstipaddress IN ("146.19.24.131") or srcipaddress IN ("146.19.24.131")
Detection Query 3 (file hashes) :
md5hash IN ("1c267cab0a800a7b2d598bc1b112d5ce","CC1AF839A956C8E2BF8E721F5D3B7373","2A5F619C966EF79F4586A433E3D5E7BA","2C4B7C8B48E6B4E5F3E8854F2ABFEDB5")
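The three queries above compare full URLs, including scheme, against a domainname field, and list the MD5 hashes in mixed case. Whether that matches depends on how your pipeline stores those fields: a log source that records only the host ("github.com") will never equal "https://github.com/Rohit24567/HyperLiquid-Claw", and a hash stored in lowercase will not equal an uppercase literal unless the platform folds case. The following Python sweep, added here as an example and not part of the advisory or of Gurucul's product, performs the same three checks over log records after normalizing: scheme is ignored, hosts and hashes are compared case-insensitively, attacker-controlled hosts (cloudcraftshub.com, dropras.xyz, trackpipe.dev) match on the host alone, and the GitHub repositories match only on host plus repository path so that a bare "github.com" in a domain field does not fire. The field names are taken from the queries; the semantics of Gurucul's `like` operator are not assumed, and the sample records at the bottom are constructed for the demo.

```python
"""IOC sweep mirroring the three detection queries above (URL/domain, IP, MD5).

Example code added to this page; not part of the advisory or of the Gurucul
product. The log records in SAMPLE_LOGS are constructed, not real telemetry.
"""
from urllib.parse import urlsplit

# IOCs copied from the advisory above.
IOC_URLS = [
    "https://cloudcraftshub.com/api",
    "http://dropras.xyz/",
    "https://trackpipe.dev",
    "https://github.com/Needvainverter93/deepseek-claw",
    "https://github.com/Crestdrasnip/Claude-Zeroclaw",
    "https://github.com/deborahikssv/Antigravity-claw",
    "https://github.com/Rohit24567/HyperLiquid-Claw",
    "https://github.com/helenigtxu/TradingView-Claw",
    "https://github.com/helenigtxu/blooket",
    "https://github.com/FinPyromancerLog/xcode-claw",
    "https://github.com/michelleoincx/genspark.ai-openclaw",
    "https://github.com/michelleoincx/Bunkr-Downloader-Python",
    "https://github.com/sharonubsyq/trading-view-indicator-extension",
    "https://github.com/Gentleatvice/seed-phrase-recover-BTC-ETH",
    "https://github.com/lunarraveneradicate/robinhood-auto-testnet",
    "https://github.com/GoliathSocialBoiler/kalshi-claw-skill",
    "https://github.com/Heartflabrace/Doubao-Claw",
]
IOC_IPS = {"146.19.24.131"}
# The advisory lists the MD5s in mixed case; compare everything in lowercase.
IOC_MD5 = {h.lower() for h in (
    "1c267cab0a800a7b2d598bc1b112d5ce",
    "2A5F619C966EF79F4586A433E3D5E7BA",
    "CC1AF839A956C8E2BF8E721F5D3B7373",
    "2C4B7C8B48E6B4E5F3E8854F2ABFEDB5",
)}
# Hosts that carry mostly benign traffic: match these on host + repo path only,
# so a bare "github.com" in a domain field never fires.
SHARED_HOSTS = {"github.com"}


def normalize(value: str) -> tuple[str, str]:
    """Split a URL or bare hostname into (host, path): scheme ignored, host
    lowercased without trailing dot, path lowercased without trailing slash
    (GitHub owner/repo names are case-insensitive)."""
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse a bare host or host/path
    parts = urlsplit(value)
    host = (parts.hostname or "").rstrip(".")
    path = parts.path.rstrip("/").lower()
    return host, path


IOC_HOSTS: set[str] = set()               # attacker infrastructure: any hit on the host counts
IOC_PATHS: set[tuple[str, str]] = set()   # (host, path) for repositories on shared hosts
for _u in IOC_URLS:
    _host, _path = normalize(_u)
    if _host in SHARED_HOSTS:
        IOC_PATHS.add((_host, _path))
    else:
        IOC_HOSTS.add(_host)


def match_url(value: str) -> bool:
    """True if a url, siteurl or domainname value points at listed infrastructure."""
    host, path = normalize(value)
    if host in IOC_HOSTS:
        return True
    return any(host == h and (path == p or path.startswith(p + "/"))
               for h, p in IOC_PATHS)


def match_record(rec: dict) -> list[str]:
    """Return the IOC hits for one log record, in the order the queries check them."""
    hits = []
    for field in ("domainname", "url", "siteurl"):      # query 1
        if rec.get(field) and match_url(rec[field]):
            hits.append(f"url:{field}")
    for field in ("dstipaddress", "srcipaddress"):      # query 2
        if rec.get(field) in IOC_IPS:
            hits.append(f"ip:{field}")
    if (rec.get("md5hash") or "").lower() in IOC_MD5:   # query 3
        hits.append("md5")
    return hits


def sweep(records: list[dict]) -> list[tuple[int, list[str]]]:
    """(index, hits) for every record that matches at least one IOC."""
    out = []
    for i, rec in enumerate(records):
        hits = match_record(rec)
        if hits:
            out.append((i, hits))
    return out


# Constructed sample records; field names follow the queries above.
SAMPLE_LOGS = [
    {"url": "https://github.com/rohit24567/hyperliquid-claw/archive/refs/heads/main.zip",
     "dstipaddress": "203.0.113.10"},                      # repo archive download, lowercased by proxy
    {"domainname": "github.com"},                          # benign: bare shared host must not fire
    {"domainname": "DROPRAS.XYZ.", "dstipaddress": "146.19.24.131"},   # DNS + C2 IP
    {"md5hash": "cc1af839a956c8e2bf8e721f5d3b7373"},      # lowercase form of a listed hash
    {"url": "https://example.org/", "srcipaddress": "10.0.0.5",
     "md5hash": "d41d8cd98f00b204e9800998ecf8427e"},      # clean record (MD5 of empty file)
]

if __name__ == "__main__":
    for idx, found in sweep(SAMPLE_LOGS):
        print(idx, found)
```

Running the block prints hits for records 0, 2 and 3 only; the bare "github.com" lookup and the clean record stay silent. The same host/path split is the right shape for translating Query 1 into a platform whose domain field holds only the hostname: match the three attacker hosts on domainname, and the GitHub repositories on the url/siteurl fields with a trailing wildcard so archive and raw-file downloads under the repository path are caught too.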
Reference:
https://www.zscaler.com/blogs/security-research/malicious-openclaw-skill-distributes-remcos-rat-and-ghostloader