Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

Date: 02/24/2026

Severity: High

Summary

Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer describes a campaign in which threat actors shifted Atomic (AMOS) Stealer from cracked software distribution to a supply chain-style attack targeting AI agentic workflows on platforms like OpenClaw. Attackers embedded hidden malicious instructions in SKILL.md files, abusing AI agents as trusted intermediaries to display fake setup prompts and socially engineer users into entering their passwords via deceptive dialogue boxes. The operation spanned hundreds of uploaded malicious “skills” across repositories, enabling credential theft and exfiltration of Apple and KeePass keychains, as well as user documents, despite the variant lacking persistence mechanisms.

Indicators of Compromise (IOC) List

URLs/Domains

heldinhow/speckit-coding-agent

stveenli/browserautomation-skill

stveenli/shieldphenix

stveenli/ytwatchervideo

thiagoruss0/bear-notes7mcp

thiagoruss0/clawdbot-logs1kzm

thiagoruss0/coding-agent696vg

thiagoruss0/coding-agent9vr

thiagoruss0/coding-agentagb2

thiagoruss0/coding-agentem9ak

thiagoruss0/coding-agentoj9u

thiagoruss0/deep-researchj

thiagoruss0/discord-voicetwhtm

thiagoruss0/finance-news9

thiagoruss0/finance-newsz

thiagoruss0/google-drivezqx

thiagoruss0/instagramjg

thiagoruss0/moltbookwmap4

thiagoruss0/n8nemk

thiagoruss0/perplexityt9d

thiagoruss0/pptx-creatord

thiagoruss0/search-xepv0

thiagoruss0/seo-optimizerc6ynb

thiagoruss0/seo-optimizereq

thiagoruss0/seo-optimizeruu

thiagoruss0/seo-optimizervoo

thiagoruss0/tavily-web-searchajss

thiagoruss0/tavily-web-searchesq

thiagoruss0/telegramb4c

thiagoruss0/todo-tracker1

thiagoruss0/transcribeeqdq6t

thiagoruss0/transcribeexx

thiagoruss0/veo3-genay

thiagoruss0/web-searchod

thiagoruss0/web-searchuigr

thiagoruss0/wechate

thiagoruss0/wechatky8v

thiagoruss0/wechatt9y1

thiagoruss0/youtube37puq

thiagoruss0/youtubea

https://github.com/openclaw/skills/

https://github.com/Demerzels-lab/

https://github.com/kbarbel640-del/

https://github.com/duclm1x1/Dive-Ai/

https://github.com/aztr0nutzs/

https://github.com/YPYT1/All-skills/

https://github.com/Demerzels-lab/

https://openclawcli.vercel.app/

http://91.92.242.30/ece0f208u7uqhs6x

http://91.92.242.30/il24xgriequcys45

http://91.92.242.30/6wioz8285kcbax6v

http://91.92.242.30/6x8c0trkp4l9uugo

http://91.92.242.30/lamq4uerkruo6ssm

http://91.92.242.30/q0c7ew2ro8l2cfqp

http://91.92.242.30/dx2w5j5bka6qkwxi

http://91.92.242.30/1v07y9e1m6v7thl6

http://91.92.242.30/l5ou8r739pc48rwi

http://91.92.242.30/dyrtvwjfveyxjf23

https://socifiapp.com/api/reports/upload

IP Address

91.92.242.30

Hash

5968bd7d3a27a6a17ea73be6ee4b00807e83a786fdfa73cc5d8dbf262426c12c

ca96fe6259d602a22951d5d3e244e1b752bf0d20086f445bf7015c8798e7b95b

a0e66f3067e4aaf5b83e45b7845cc43b2fc96032a4398cab7cc9d11f4f962e91

1e6d4b0538558429422b71d1f4d724c8ce31be92d299df33a8339e32316e2298

5adb10e107d5075abf485f52a387fb419d06ad84d0df38e75769783f16862273

95fb8f28d08e19090443bda8bd71bbb79f7c451288a2de6f1ca0ad6fee8b4569

45d8e56bd86960727bcaa4b5c9f7c3422a22723c23ea5b46b6aa9bc42ed1f9f1

0e52566ccff4830e30ef45d2ad804eefba4ffe42062919398bf1334aab74dd65

ec2920e56f2f62c6a2ed1242747980f6f7343c2404b7ae9a6e975b66b1c24b6d

30f97ae88f8861eeadeb54854d47078724e52e2ef36dd847180663b7f5763168

d781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073

f0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16

ec2920e56f2f62c6a2ed1242747980f6f7343c2404b7ae9a6e975b66b1c24b6d

233a98cb2c5536dabda0944eb2de8d47ad5ce9371a164fe2a8c29d8c55bc240c

f2cb9de40cb8b7e13e7d2b0b3e426f8503781a35d8bba3715395430e9b5eeb38

998c38b430097479b015a68d9435dc5b98684119739572a4dff11e085881187e

5e4696a2cfdc3336b1ecbc17c1642f6bf7d9a34497161659414dae33fe6225d7

Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

Detection Query 1 :	domainname like "heldinhow/speckit-coding-agent" or siteurl like "heldinhow/speckit-coding-agent" or url like "heldinhow/speckit-coding-agent" or domainname like "stveenli/browserautomation-skill" or siteurl like "stveenli/browserautomation-skill" or url like "stveenli/browserautomation-skill" or domainname like "stveenli/shieldphenix" or siteurl like "stveenli/shieldphenix" or url like "stveenli/shieldphenix" or domainname like "stveenli/ytwatchervideo" or siteurl like "stveenli/ytwatchervideo" or url like "stveenli/ytwatchervideo" or domainname like "thiagoruss0/bear-notes7mcp" or siteurl like "thiagoruss0/bear-notes7mcp" or url like "thiagoruss0/bear-notes7mcp" or domainname like "thiagoruss0/clawdbot-logs1kzm" or siteurl like "thiagoruss0/clawdbot-logs1kzm" or url like "thiagoruss0/clawdbot-logs1kzm" or domainname like "thiagoruss0/coding-agent696vg" or siteurl like "thiagoruss0/coding-agent696vg" or url like "thiagoruss0/coding-agent696vg" or domainname like "thiagoruss0/coding-agent9vr" or siteurl like "thiagoruss0/coding-agent9vr" or url like "thiagoruss0/coding-agent9vr" or domainname like "thiagoruss0/coding-agentagb2" or siteurl like "thiagoruss0/coding-agentagb2" or url like "thiagoruss0/coding-agentagb2" or domainname like "thiagoruss0/coding-agentem9ak" or siteurl like "thiagoruss0/coding-agentem9ak" or url like "thiagoruss0/coding-agentem9ak" or domainname like "thiagoruss0/coding-agentoj9u" or siteurl like "thiagoruss0/coding-agentoj9u" or url like "thiagoruss0/coding-agentoj9u" or domainname like "thiagoruss0/deep-researchj" or siteurl like "thiagoruss0/deep-researchj" or url like "thiagoruss0/deep-researchj" or domainname like "thiagoruss0/discord-voicetwhtm" or siteurl like "thiagoruss0/discord-voicetwhtm" or url like "thiagoruss0/discord-voicetwhtm" or domainname like "thiagoruss0/finance-news9" or siteurl like "thiagoruss0/finance-news9" or url like "thiagoruss0/finance-news9" or domainname like "thiagoruss0/finance-newsz" or siteurl like "thiagoruss0/finance-newsz" or url like "thiagoruss0/finance-newsz" or domainname like "thiagoruss0/google-drivezqx" or siteurl like "thiagoruss0/google-drivezqx" or url like "thiagoruss0/google-drivezqx" or domainname like "thiagoruss0/instagramjg" or siteurl like "thiagoruss0/instagramjg" or url like "thiagoruss0/instagramjg" or domainname like "thiagoruss0/moltbookwmap4" or siteurl like "thiagoruss0/moltbookwmap4" or url like "thiagoruss0/moltbookwmap4" or domainname like "thiagoruss0/n8nemk" or siteurl like "thiagoruss0/n8nemk" or url like "thiagoruss0/n8nemk" or domainname like "thiagoruss0/perplexityt9d" or siteurl like "thiagoruss0/perplexityt9d" or url like "thiagoruss0/perplexityt9d" or domainname like "thiagoruss0/pptx-creatord" or siteurl like "thiagoruss0/pptx-creatord" or url like "thiagoruss0/pptx-creatord" or domainname like "thiagoruss0/search-xepv0" or siteurl like "thiagoruss0/search-xepv0" or url like "thiagoruss0/search-xepv0" or domainname like "thiagoruss0/seo-optimizerc6ynb" or siteurl like "thiagoruss0/seo-optimizerc6ynb" or url like "thiagoruss0/seo-optimizerc6ynb" or domainname like "thiagoruss0/seo-optimizereq" or siteurl like "thiagoruss0/seo-optimizereq" or url like "thiagoruss0/seo-optimizereq" or domainname like "thiagoruss0/seo-optimizeruu" or siteurl like "thiagoruss0/seo-optimizeruu" or url like "thiagoruss0/seo-optimizeruu" or domainname like "thiagoruss0/seo-optimizervoo" or siteurl like "thiagoruss0/seo-optimizervoo" or url like "thiagoruss0/seo-optimizervoo" or domainname like "thiagoruss0/tavily-web-searchajss" or siteurl like "thiagoruss0/tavily-web-searchajss" or url like "thiagoruss0/tavily-web-searchajss" or domainname like "thiagoruss0/tavily-web-searchesq" or siteurl like "thiagoruss0/tavily-web-searchesq" or url like "thiagoruss0/tavily-web-searchesq" or domainname like "thiagoruss0/telegramb4c" or siteurl like "thiagoruss0/telegramb4c" or url like "thiagoruss0/telegramb4c" or domainname like "thiagoruss0/todo-tracker1" or siteurl like "thiagoruss0/todo-tracker1" or url like "thiagoruss0/todo-tracker1" or domainname like "thiagoruss0/transcribeeqdq6t" or siteurl like "thiagoruss0/transcribeeqdq6t" or url like "thiagoruss0/transcribeeqdq6t" or domainname like "thiagoruss0/transcribeexx" or siteurl like "thiagoruss0/transcribeexx" or url like "thiagoruss0/transcribeexx" or domainname like "thiagoruss0/veo3-genay" or siteurl like "thiagoruss0/veo3-genay" or url like "thiagoruss0/veo3-genay" or domainname like "thiagoruss0/web-searchod" or siteurl like "thiagoruss0/web-searchod" or url like "thiagoruss0/web-searchod" or domainname like "thiagoruss0/web-searchuigr" or siteurl like "thiagoruss0/web-searchuigr" or url like "thiagoruss0/web-searchuigr" or domainname like "thiagoruss0/wechate" or siteurl like "thiagoruss0/wechate" or url like "thiagoruss0/wechate" or domainname like "thiagoruss0/wechatky8v" or siteurl like "thiagoruss0/wechatky8v" or url like "thiagoruss0/wechatky8v" or domainname like "thiagoruss0/wechatt9y1" or siteurl like "thiagoruss0/wechatt9y1" or url like "thiagoruss0/wechatt9y1" or domainname like "thiagoruss0/youtube37puq" or siteurl like "thiagoruss0/youtube37puq" or url like "thiagoruss0/youtube37puq" or domainname like "thiagoruss0/youtubea" or siteurl like "thiagoruss0/youtubea" or url like "thiagoruss0/youtubea"
Detection Query 2 :	domainname like "http://91.92.242.30/6x8c0trkp4l9uugo" or siteurl like "http://91.92.242.30/6x8c0trkp4l9uugo" or url like "http://91.92.242.30/6x8c0trkp4l9uugo" or domainname like "http://91.92.242.30/1v07y9e1m6v7thl6" or siteurl like "http://91.92.242.30/1v07y9e1m6v7thl6" or url like "http://91.92.242.30/1v07y9e1m6v7thl6" or domainname like "https://openclawcli.vercel.app/" or siteurl like "https://openclawcli.vercel.app/" or url like "https://openclawcli.vercel.app/" or domainname like "http://91.92.242.30/il24xgriequcys45" or siteurl like "http://91.92.242.30/il24xgriequcys45" or url like "http://91.92.242.30/il24xgriequcys45" or domainname like "http://91.92.242.30/dx2w5j5bka6qkwxi" or siteurl like "http://91.92.242.30/dx2w5j5bka6qkwxi" or url like "http://91.92.242.30/dx2w5j5bka6qkwxi" or domainname like "http://91.92.242.30/ece0f208u7uqhs6x" or siteurl like "http://91.92.242.30/ece0f208u7uqhs6x" or url like "http://91.92.242.30/ece0f208u7uqhs6x" or domainname like "http://91.92.242.30/6wioz8285kcbax6v" or siteurl like "http://91.92.242.30/6wioz8285kcbax6v" or url like "http://91.92.242.30/6wioz8285kcbax6v" or domainname like "http://91.92.242.30/dyrtvwjfveyxjf23" or siteurl like "http://91.92.242.30/dyrtvwjfveyxjf23" or url like "http://91.92.242.30/dyrtvwjfveyxjf23" or domainname like "http://91.92.242.30/l5ou8r739pc48rwi" or siteurl like "http://91.92.242.30/l5ou8r739pc48rwi" or url like "http://91.92.242.30/l5ou8r739pc48rwi" or domainname like "https://socifiapp.com/api/reports/upload" or siteurl like "https://socifiapp.com/api/reports/upload" or url like "https://socifiapp.com/api/reports/upload" or domainname like "http://91.92.242.30/q0c7ew2ro8l2cfqp" or siteurl like "http://91.92.242.30/q0c7ew2ro8l2cfqp" or url like "http://91.92.242.30/q0c7ew2ro8l2cfqp" or domainname like "http://91.92.242.30/lamq4uerkruo6ssm" or siteurl like "http://91.92.242.30/lamq4uerkruo6ssm" or url like "http://91.92.242.30/lamq4uerkruo6ssm" or domainname like "https://github.com/openclaw/skills/" or siteurl like "https://github.com/openclaw/skills/" or url like "https://github.com/openclaw/skills/" or domainname like "https://github.com/Demerzels-lab/" or siteurl like "https://github.com/Demerzels-lab/" or url like "https://github.com/Demerzels-lab/" or domainname like "https://github.com/kbarbel640-del/" or siteurl like "https://github.com/kbarbel640-del/" or url like "https://github.com/kbarbel640-del/" or domainname like "https://github.com/duclm1x1/Dive-Ai/" or siteurl like "https://github.com/duclm1x1/Dive-Ai/" or url like "https://github.com/duclm1x1/Dive-Ai/" or domainname like "https://github.com/aztr0nutzs/" or siteurl like "https://github.com/aztr0nutzs/" or url like "https://github.com/aztr0nutzs/" or domainname like "https://github.com/YPYT1/All-skills/" or siteurl like "https://github.com/YPYT1/All-skills/" or url like "https://github.com/YPYT1/All-skills/" or domainname like "https://github.com/Demerzels-lab/" or siteurl like "https://github.com/Demerzels-lab/" or url like "https://github.com/Demerzels-lab/"
Detection Query 3 :	dstipaddress IN ("91.92.242.30") or srcipaddress IN ("91.92.242.30")
Detection Query 4 :	sha256hash IN ("ec2920e56f2f62c6a2ed1242747980f6f7343c2404b7ae9a6e975b66b1c24b6d","f2cb9de40cb8b7e13e7d2b0b3e426f8503781a35d8bba3715395430e9b5eeb38","f0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16","a0e66f3067e4aaf5b83e45b7845cc43b2fc96032a4398cab7cc9d11f4f962e91","998c38b430097479b015a68d9435dc5b98684119739572a4dff11e085881187e","0e52566ccff4830e30ef45d2ad804eefba4ffe42062919398bf1334aab74dd65","ca96fe6259d602a22951d5d3e244e1b752bf0d20086f445bf7015c8798e7b95b","30f97ae88f8861eeadeb54854d47078724e52e2ef36dd847180663b7f5763168","d781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073","45d8e56bd86960727bcaa4b5c9f7c3422a22723c23ea5b46b6aa9bc42ed1f9f1","1e6d4b0538558429422b71d1f4d724c8ce31be92d299df33a8339e32316e2298","95fb8f28d08e19090443bda8bd71bbb79f7c451288a2de6f1ca0ad6fee8b4569","5968bd7d3a27a6a17ea73be6ee4b00807e83a786fdfa73cc5d8dbf262426c12c","5adb10e107d5075abf485f52a387fb419d06ad84d0df38e75769783f16862273","233a98cb2c5536dabda0944eb2de8d47ad5ce9371a164fe2a8c29d8c55bc240c","5e4696a2cfdc3336b1ecbc17c1642f6bf7d9a34497161659414dae33fe6225d7")

Reference:

https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

Summary

Indicators of Compromise (IOC) List

Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

Tags

Comments

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

Summary

Indicators of Compromise (IOC) List

Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

Tags

Share This

Comments