GhostClaw: Infostealer for macOS on GitHub

For a few weeks now, malware that also leverages the OpenClaw hype has been circulating on the developer platform GitHub. Repositories keep appearing.


A GhostClaw-infected software when querying the macOS password.

(Image: Jamf)


Apple systems are currently under increased attack. Following the exploit kit Coruna and the DarkSword malware, which has now appeared on GitHub and could serve as a model for criminals, the macOS infostealer GhostClaw is currently circulating in fake repositories and via npm. It attempts to capitalize on the current boom in AI agents like OpenClaw and hopes to encounter users who are not very familiar with the terminal – and who would type commands there that enable the installation in the first place. Developers looking for OpenClaw tools could also fall into the trap.

As Jamf Threat Labs, among others, has observed, GhostClaw also exploits the fact that development is increasingly AI-assisted. The campaign has apparently been running since the beginning of March; GhostClaw is also sometimes referred to as GhostLoader. The primary installation route was initially the Node.js package manager npm. Now, Jamf Threat Labs has found several GitHub repositories that also serve for distribution. At least eight new samples of GhostClaw have been discovered.


The problem: Both the npm packages and the material on GitHub present themselves as harmless software or copy well-known products, including SDKs, developer tools, and so-called trading bots for cryptocurrency trading. According to Jamf Threat Labs, this is a form of rug pull: harmless or non-functional code is what users get initially, but it is then replaced or supplemented by malware components a few weeks later. This approach is apparently intended to lull users into trusting the package before the switch.

Some of the discovered GhostClaw repositories, including the so-called antigravity-pack, even contain a README document that walks beginners through installing the malware, including entering their password. The malicious code can also be installed via OpenClaw by abusing the AI agent's SKILL system. GhostClaw is also adapted for macOS and generates seemingly authentic dialogs via the osascript command, through which users are supposed to be coerced into granting permissions. In its analysis, Jamf Threat Labs names various Indicators of Compromise, i.e., files whose presence can be used to detect an infection.

GhostClaw/GhostLoader steals passwords, among other things, is interested in crypto wallets, and aims for full access to the Mac's SSD. This ultimately makes anything possible. A remote command-and-control server is also contacted, so attackers could also control the Mac remotely. Users should pay very close attention to which repositories they install or fetch to their Mac via npm. JFrog Security Research has compiled information on GhostClaw's modus operandi via npm.
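The article's two practical points for defenders are that the malicious payload arrives through npm install hooks and that it drives a fake macOS password dialog via osascript. The following pre-install audit is an added example written for this article; it is not code from Jamf Threat Labs, JFrog, or the GhostClaw samples. It walks an unpacked npm package directory, reports lifecycle hooks in package.json, and flags scripts that call osascript with a hidden-answer dialog. The package name, the heuristic patterns, and the sample package it builds are all constructed for the demonstration.

```python
import json
import os
import re
import tempfile

# npm runs these hooks automatically on "npm install"; a package that defines
# one without an obvious need for it deserves a look before installing.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Hypothetical heuristics (not Jamf IoCs): osascript driving a password prompt,
# plus the Node API needed to launch it from a package script.
SUSPICIOUS_PATTERNS = {
    "osascript_call": re.compile(r"\bosascript\b"),
    "hidden_answer_dialog": re.compile(r"display dialog.*with hidden answer", re.S),
    "shell_exec": re.compile(r"\b(child_process|execSync|spawnSync)\b"),
}

SCANNED_EXTENSIONS = (".js", ".mjs", ".cjs", ".sh", ".json")


def lifecycle_scripts(package_json):
    """Return only the hooks npm would run on install, in declaration order."""
    scripts = package_json.get("scripts") or {}
    return {hook: scripts[hook] for hook in LIFECYCLE_HOOKS if hook in scripts}


def scan_file(path):
    """Return the names of all heuristic patterns matched in one file."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return []
    return [name for name, pattern in SUSPICIOUS_PATTERNS.items() if pattern.search(text)]


def audit_package(pkg_dir):
    """Audit an unpacked npm package (a directory containing package.json)."""
    with open(os.path.join(pkg_dir, "package.json"), encoding="utf-8") as fh:
        package_json = json.load(fh)
    report = {
        "name": package_json.get("name"),
        "lifecycle_scripts": lifecycle_scripts(package_json),
        "findings": {},
    }
    for root, dirs, files in os.walk(pkg_dir):
        dirs[:] = [d for d in dirs if d != "node_modules"]  # audit one package at a time
        for fname in files:
            if not fname.endswith(SCANNED_EXTENSIONS):
                continue
            path = os.path.join(root, fname)
            hits = scan_file(path)
            if hits:
                report["findings"][os.path.relpath(path, pkg_dir)] = hits
    return report


def verdict(report):
    """'block' when an install hook and a password-dialog pattern coincide."""
    all_hits = {hit for hits in report["findings"].values() for hit in hits}
    if report["lifecycle_scripts"] and "hidden_answer_dialog" in all_hits:
        return "block"
    if report["lifecycle_scripts"] or all_hits:
        return "review"
    return "ok"


# Constructed sample packages for a stand-alone run; the name is invented.
SAMPLE_SETUP_JS = r'''
const { execSync } = require("child_process");
// Constructed stand-in for the fake system prompt described in the article.
const prompt = 'display dialog "macOS needs your password to continue" ' +
  'default answer "" with hidden answer with icon caution';
const answer = execSync(`osascript -e '${prompt}'`).toString();
'''


def build_sample_package(malicious=True):
    """Write a throwaway package into a fresh temp dir and return its path."""
    pkg_dir = tempfile.mkdtemp(prefix="npm-audit-sample-")
    manifest = {"name": "example-trading-bot", "version": "1.0.0", "scripts": {}}
    if malicious:
        manifest["scripts"]["postinstall"] = "node scripts/setup.js"
        os.makedirs(os.path.join(pkg_dir, "scripts"))
        with open(os.path.join(pkg_dir, "scripts", "setup.js"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_SETUP_JS)
    with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh)
    with open(os.path.join(pkg_dir, "index.js"), "w", encoding="utf-8") as fh:
        fh.write("module.exports = { version: '1.0.0' };\n")
    return pkg_dir


if __name__ == "__main__":
    for flag in (True, False):
        rep = audit_package(build_sample_package(malicious=flag))
        print(rep["name"], verdict(rep), rep["lifecycle_scripts"], rep["findings"])
```

Run it against a package fetched with `npm pack` and unpacked, before `npm install` executes any hook; `npm install --ignore-scripts` is the complementary control that stops lifecycle hooks from running at all. Because the article describes a rug pull in which a later version introduces the payload, the audit has to be repeated on each version bump rather than once at first adoption.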


(bsc)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.