Malware - AI-Assisted ‘OpenClaw Trap’ Campaign Targets Users
Basically, a new piece of malware tricked people by pretending to be safe software on GitHub.
A new malware campaign called OpenClaw Trap is targeting developers and gamers via fake GitHub repositories. This sophisticated trojan evades security measures, posing significant risks. Users who downloaded from affected repos should act quickly to secure their systems.
What Happened
A newly discovered malware campaign, dubbed the OpenClaw Trap, has been stealthily spreading through fake GitHub repositories. This campaign primarily targets software developers, gamers, Roblox players, and crypto users. Internally tracked as TroyDen’s Lure Factory, it deploys a custom LuaJIT trojan that has been meticulously crafted to bypass automated security tools. The attackers cleverly designed a convincing GitHub repository named AAAbiola/openclaw-docker, which masquerades as a legitimate Docker deployment tool for the OpenClaw AI project.
The repository is impressively polished, complete with a detailed README and installation instructions for both Windows and Linux. To enhance its credibility, the attacker employed real contributors and created throwaway accounts to artificially inflate its star ratings. This strategic manipulation helped push the repository to the top of developer search results, making it more likely to be downloaded by unsuspecting users.
Who's Being Targeted
The campaign's victims include a broad spectrum of users, particularly those involved in software development and gaming. The malicious packages have been found in various forms, including gaming cheats and scripts for Roblox. Each victim’s machine is geolocated upon execution, and a complete desktop screenshot is captured and sent to a command and control (C2) server located in Frankfurt, Germany. With eight confirmed IP addresses supporting the same load-balanced backend, the infrastructure is designed for high-volume exploitation.
Researchers at Netskope Threat Labs uncovered this campaign after identifying a trojanized package that utilized advanced behavioral evasion techniques to escape detection by automated analysis systems. The attack’s sophistication indicates a well-resourced threat actor behind it, capable of orchestrating such a complex operation.
Signs of Infection
One of the most distinctive features of this malware campaign is its innovative payload structure. Each malicious ZIP package contains three components: a batch file named Launch.bat, a renamed LuaJIT runtime called unc.exe, and an obfuscated Lua script disguised as license.txt. Individually, these files appear harmless to automated scanners. However, when executed together, they activate the trojan, which then performs multiple anti-analysis checks to ensure it is not running in a sandbox environment.
If the environment passes these checks, the payload executes and begins its malicious activities. It captures a full desktop screenshot and uploads it to the C2 server, all while remaining undetected. The campaign's ability to evade detection by exploiting the limits of standard sandbox analysis makes it particularly dangerous for users who may unknowingly download these compromised packages.
How to Protect Yourself
If you have downloaded any packages from the affected GitHub repositories, it is crucial to treat your machine as compromised. Look for signs of unauthorized access and take immediate action to secure your system. Security teams should prioritize investigating any GitHub downloads that pair a renamed interpreter with an opaque data file. Deploy the published indicators of compromise (IOCs) into endpoint detection and response (EDR) and network monitoring tools.
Additionally, all outbound connections to the confirmed C2 IP addresses should be blocked at the firewall level. This proactive approach will help mitigate the risk posed by the OpenClaw Trap campaign and protect users from falling victim to this sophisticated malware.
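The "renamed interpreter plus opaque data file" pattern described in the Signs of Infection and How to Protect Yourself sections can be turned into a triage check over downloaded archives. The script below is an added example for this article, not code from Netskope Threat Labs or from the campaign; it inspects a ZIP for the three-part combination the article describes (a batch launcher, an executable that carries the LuaJIT version banner under a name other than the real runtime's, and a data-extension file that reads like Lua) and then confirms that the batch file actually runs the one on the other. The sample archives are constructed in memory with stand-in contents; the `LuaJIT` byte marker, the file names in `INTERPRETER_NAMES` and the data extensions are assumptions chosen for the example.

```python
"""Triage heuristic for the three-file packaging pattern: batch launcher,
renamed LuaJIT runtime, Lua script hiding behind a data-file extension.
Added example; sample archives and their contents are constructed here."""
import io
import re
import zipfile

# File names the LuaJIT runtime ships under; a copy under any other name is suspect.
INTERPRETER_NAMES = {"luajit.exe", "lua.exe", "lua51.dll"}
# Version banner assumed to survive a rename because it is baked into the binary.
INTERPRETER_MARKER = b"LuaJIT"
# Extensions that are expected to hold data rather than code (assumed list).
DATA_EXTENSIONS = {".txt", ".dat", ".bin", ".json", ".cfg"}
LUA_TOKENS = re.compile(rb"\b(local|function|end|string\.char|loadstring|load)\b")
# "foo.exe bar" or "start foo.exe bar" at the start of a batch line.
EXEC_CALL = re.compile(r'^\s*(?:start\s+(?:""\s+)?)?(\S+\.exe)\s+(\S+)', re.IGNORECASE)


def _basename(name):
    return name.lower().rsplit("/", 1)[-1]


def _ext(name):
    base = _basename(name)
    return base[base.rfind("."):] if "." in base else ""


def classify_member(name, data):
    """Tag one archive member by the role it could play in the triad."""
    tags = set()
    ext, base = _ext(name), _basename(name)
    if ext in {".bat", ".cmd"}:
        tags.add("batch_launcher")
    if ext in {".exe", ".dll"} and INTERPRETER_MARKER in data and base not in INTERPRETER_NAMES:
        tags.add("renamed_interpreter")
    # A "data" file is flagged only if it uses at least two distinct Lua constructs.
    if ext in DATA_EXTENSIONS and len(set(LUA_TOKENS.findall(data))) >= 2:
        tags.add("code_in_data_file")
    return tags


def batch_invocations(text):
    """Return (exe, first_arg) pairs for batch lines that run an executable."""
    calls = []
    for line in text.splitlines():
        m = EXEC_CALL.match(line)
        if m:
            calls.append((m.group(1).lower(), m.group(2).lower()))
    return calls


def triage_archive(zip_bytes):
    """Classify every member, then check whether a launcher wires the pieces together."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = {i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()}
    tags = {name: classify_member(name, data) for name, data in members.items()}
    interpreters = {_basename(n) for n, t in tags.items() if "renamed_interpreter" in t}
    datafiles = {_basename(n) for n, t in tags.items() if "code_in_data_file" in t}
    findings = []
    for name, t in tags.items():
        if "batch_launcher" not in t:
            continue
        for exe, arg in batch_invocations(members[name].decode("utf-8", "replace")):
            if exe in interpreters and arg in datafiles:
                findings.append(f"{name} runs renamed interpreter {exe} on {arg}")
    all_tags = set().union(*tags.values())
    # Either an explicit launcher link, or both halves present, is enough to escalate.
    suspicious = bool(findings) or {"renamed_interpreter", "code_in_data_file"} <= all_tags
    return {"verdict": "suspicious" if suspicious else "clean",
            "tags": all_tags, "findings": findings}


def build_sample_archive():
    """Constructed look-alike of the three-file package; every byte is a stand-in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Launch.bat", "@echo off\r\nunc.exe license.txt\r\n")
        # Fake PE header followed by the banner a real LuaJIT binary carries.
        zf.writestr("unc.exe", b"MZ" + b"\x00" * 60 + b"LuaJIT 2.1 (constructed stand-in)")
        zf.writestr("license.txt", "local a = string.char(104, 105)\nlocal function b() end\nb()\n")
    return buf.getvalue()


def build_clean_archive():
    """Constructed benign Docker helper archive for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.md", "# openclaw-docker\nRun docker compose up.\n")
        zf.writestr("docker-compose.yml", "services:\n  app:\n    image: example/app\n")
        zf.writestr("install.sh", "#!/bin/sh\ndocker compose up -d\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_archive(build_sample_archive()))
    print(triage_archive(build_clean_archive()))
```

The check deliberately scores the combination rather than any single file, which is the point the article makes: each component alone passes a scanner, so a useful rule has to look at how the launcher ties the interpreter to the "data" file. Run against a quarantined download directory, the `findings` list gives an analyst the exact launcher line to pivot on.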
Cyber Security News