- Pro
- Security
Name changes from Clawdbot to Moltbot to OpenClaw within days fuel impersonation attacks
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
(Image credit: wk1003mike / Shutterstock)
- Copy link
- X
- Threads
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.You are now subscribed
Your newsletter sign-up was successful
An account already exists for this email address, please log in. Subscribe to our newsletter- OpenClaw skills execute locally, giving attackers direct access to sensitive files
- Malicious crypto-themed skills rely on social engineering to trick unsuspecting users
- Users running unverified commands increase exposure to ransomware and malicious scripts
OpenClaw, formerly known as Clawdbot and Moltbot, is an AI assistant designed to execute tasks on behalf of users.
Agent-style AI tools such as OpenClaw are increasingly popular for automating workflows and interacting with local systems, enabling users to run commands, access files, and manage processes more efficiently.
This deep integration with the operating system, while powerful, also introduces security risks, as it relies on trust in user-installed extensions or skills.
You may like-
Fake Moltbot AI assistant just spreads malware - so AI fans, watch out for scams
-
The Moltbot AI assistant rebrand provoked an explosion of interest and scams
-
This 'ZombieAgent' zero click vulnerability allows for silent account takeover - here's what we know
Security risks inherent in agent-style AI tools
OpenClaw’s ecosystem allows third-party skills to extend functionality, but these skills are not sandboxed. They are executable code that interacts directly with local files and network resources.
Recent reports show a growing concern: attackers uploaded at least 14 malicious skills to ClawHub, the public registry for OpenClaw extensions, in a short period.
These extensions posed as cryptocurrency trading or wallet management tools while attempting to install malware.
Both Windows and macOS systems were affected, with attackers relying heavily on social engineering.
Are you a pro? Subscribe to our newsletterContact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.Users were often instructed to run obfuscated terminal commands during installation, which retrieved remote scripts that harvested sensitive data, including browser history and crypto wallet contents.
In some cases, skills briefly appeared on ClawHub’s front page, increasing the likelihood of accidental installation by casual users.
OpenClaw’s recent name changes have added confusion to the ecosystem. Within days, Clawdbot became Moltbot and then OpenClaw.
You may like-
The Moltbot AI assistant rebrand provoked an explosion of interest and scams
-
This 'ZombieAgent' zero click vulnerability allows for silent account takeover - here's what we know
-
Malicious LLMs are letting even unskilled hackers to craft dangerous new malware
Each name change creates opportunities for attackers to impersonate the software convincingly, whether through fake extensions, skills, or other integrations.
Hackers have already published a fake Visual Studio Code extension that impersonates the assistant under its former name, Moltbot.
The extension functioned as promised but carried a Trojan that deployed remote access software, layered with backup loaders disguised as legitimate updates.
This incident shows that even endpoints with official-looking software can be compromised and highlights the need for comprehensive endpoint protection.
The current ecosystem operates almost entirely on trust, and conventional protections such as firewalls or endpoint protection offer little defense against this type of threat.
Malware removal tools are largely ineffective when attacks rely on executing local commands through seemingly legitimate extensions.
Users sourcing skills from public repositories must exercise extreme caution and review each plugin as carefully as any other executable dependency.
Commands that require manual execution warrant additional scrutiny to prevent inadvertent exposure.
Users must remain vigilant, verify every skill or extension, and treat all AI tools with caution.
Via Tom's Hardware
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Efosa UdinmwenFreelance JournalistEfosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking.
View MoreYou must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
Logout Read more
The Moltbot AI assistant rebrand provoked an explosion of interest and scams
This 'ZombieAgent' zero click vulnerability allows for silent account takeover - here's what we know
Malicious LLMs are letting even unskilled hackers to craft dangerous new malware
Dangerous new malware targets macOS devices via OpenVSX extensions - here's how to stay safe
IBM's AI 'Bob' could be manipulated to download and execute malware
AI browsers are rewriting the rules. Is your security keeping pace?
Latest in Security
Russian hackers are targeting a new Office 365 zero-day, so patch now or face attack
Dangerous new malware targets macOS devices via OpenVSX extensions - here's how to stay safe
Malwarebytes and ChatGPT team up to check all of those suspicious texts, emails, and URLs with one simple phrase
AI agent social media network Moltbook is a security disaster - millions of credentials and other details left unsecured
Panera Bread data breach much more serious than we thought - over 5 million customers were hit, new reports claim
Notepad++ hit by suspected Chinese state-sponsored hackers - here's what we know so far
Latest in News
'We're not going to go down the road of pay-to-win or trapping you to buy monetized products' — Sea of Remnants developer discusses microtransactions in the upcoming free-to-play game
Raspberry Pi is now 70% pricier — but there's some promising DDR5 news
No, Ubisoft did actually announce The Division: Definitive Edition but no one saw it, and it's not a remake or remaster like fans expected
Where hi-fi, art and chemistry collide, you get Molecular Audio
I didn't even know Netflix was on the PS3, but it won't matter soon — the streaming app will leave the console after 16 years next month
Independent auditors confirm NordVPN never stores your data – for the 6th time
LATEST ARTICLES- 1Raspberry Pi is now 70% pricier — but there's some promising DDR5 news
- 2Highguard review: Apex Legends’ spiritual successor is a few tweaks from greatness
- 3Jonah Hill directing a comedy? This new Apple TV movie looks like a hit
- 4“It’s nonsense”: Jensen Huang says reports of friction between Nvidia and OpenAI are false
- 5JBL Boombox 4 review: one of the best party speakers you can buy