Fraud · HIGH

Phishing Alert - GitHub Targeted with Fake OpenClaw Tokens

CSO Online

Tags: OpenClaw, phishing, crypto wallets, GitHub, OX Security

Basically, hackers are tricking developers on GitHub into giving away their crypto wallets.

Quick Summary

A new phishing campaign is targeting GitHub developers with fake OpenClaw token giveaways. Users risk losing their crypto wallets if they connect to malicious sites. Stay alert and avoid engaging with suspicious messages.

What Happened

Threat actors are leveraging the viral popularity of OpenClaw to execute a sophisticated phishing campaign targeting developers on GitHub. The attackers are promoting fake CLAW token airdrops, claiming to offer thousands of dollars in rewards. Developers are lured into malicious GitHub repositories and discussions, ultimately leading them to cloned websites that prompt them to connect their crypto wallets.

The attackers create issues in controlled repositories, tagging GitHub users to maximize visibility. This strategy is designed to exploit the trust developers have in the GitHub platform, making them more likely to engage with the phishing attempts. The cloned site mimics the legitimate openclaw.ai but includes a deceptive “connect your wallet” button aimed at stealing wallet information.

Who's Being Targeted

The phishing campaign specifically targets developers who have shown interest in OpenClaw-related projects. By creating or hijacking repositories and using social engineering tactics, attackers increase the credibility of their scams. Messages sent to potential victims often read, “Appreciate your contributions on GitHub. We analyzed profiles and chose developers to get OpenClaw allocation,” framing the scam as a limited-time offer.

This approach not only captures the attention of developers but also makes the phishing attempts appear more legitimate. The attackers may even use GitHub’s star feature to identify users who have starred OpenClaw repositories, tailoring their messages to seem relevant and personalized.

Signs of Infection

The phishing code is cleverly hidden within a JavaScript file called eleven.js. This code is highly obfuscated, making it difficult to detect. The attackers have set up a command-and-control (C2) server at watery-compost[.]today to collect sensitive information, including wallet addresses and transaction values.

The phishing page, hosted at token-claw[.]xyz, supports multiple crypto wallets, including WalletConnect and MetaMask. The malware also includes a “nuke” function that deletes traces of the wallet-stealing activity from the browser’s local storage to evade detection. The threat actor’s wallet address, used to receive the stolen cryptocurrency, has also been identified.

How to Protect Yourself

To safeguard against this phishing campaign, users should take immediate action. It is crucial to block the phishing domain from all environments and avoid connecting crypto wallets to untrusted websites. Users should be wary of any token giveaway messages from unknown sources and treat them as suspicious.

Additionally, reviewing recent wallet connections and revoking approvals associated with this campaign is advisable. By staying vigilant and informed, developers can protect themselves from falling victim to such scams.
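A practical way to act on the "Signs of Infection" and "How to Protect Yourself" sections is to sweep outbound web-proxy logs for the indicators the write-up names (the token-claw[.]xyz phishing page, the watery-compost[.]today C2 host and the eleven.js script) and to turn the same list into blocklist entries. The script below is an added example, not code from CSO Online or OX Security; the log format and the sample log lines are constructed for illustration and are assumptions, while the indicator values are the ones stated on the page.

```python
"""IoC sweep for the fake-OpenClaw token phishing campaign.

Added example, not part of the original reporting. Indicators are taken from
the write-up above; the proxy-log format and SAMPLE_LOG are constructed.
"""
import re
from typing import Iterable

# Indicators named in the write-up, kept defanged so this file is safe to
# paste into tickets; refang() restores the dotted form for matching.
DEFANGED_DOMAINS = [
    "token-claw[.]xyz",        # cloned openclaw.ai page with the wallet-connect lure
    "watery-compost[.]today",  # C2 collecting wallet addresses and transaction values
]
SUSPICIOUS_FILENAMES = ["eleven.js"]  # obfuscated wallet-stealing script


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as a[.]b back into a.b."""
    return indicator.replace("[.]", ".")


IOC_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}

# Assumed proxy-log shape: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)
HOST_RE = re.compile(r"^[a-z]+://(?P<host>[^/:]+)", re.I)


def host_of(url: str) -> str:
    """Extract the lower-cased host name from a URL ('' if not a URL)."""
    m = HOST_RE.match(url)
    return m.group("host").lower() if m else ""


def matches_ioc(host: str) -> bool:
    """True for an indicator domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def scan(lines: Iterable[str]) -> list[dict]:
    """Return one hit per log line that touches an indicator domain or file name."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        url = m.group("url")
        host = host_of(url)
        reasons = []
        if matches_ioc(host):
            reasons.append(f"ioc-domain:{host}")
        path = url.split("?", 1)[0]  # drop the query string before checking the file name
        if any(path.endswith("/" + f) for f in SUSPICIOUS_FILENAMES):
            reasons.append(f"ioc-filename:{path.rsplit('/', 1)[-1]}")
        if reasons:
            hits.append({"client": m.group("client"), "host": host,
                         "reasons": reasons, "line": line})
    return hits


def affected_clients(hits: list[dict]) -> list[str]:
    """Clients whose wallet connections and token approvals should be reviewed."""
    return sorted({h["client"] for h in hits})


def blocklist_entries(fmt: str = "hosts") -> list[str]:
    """Render the indicator domains as blocklist lines.
    'hosts' gives sinkhole lines for a hosts file; anything else gives a bare domain list."""
    if fmt == "hosts":
        return [f"0.0.0.0 {d}" for d in sorted(IOC_DOMAINS)]
    return sorted(IOC_DOMAINS)


# Constructed sample log: one benign GitHub visit, three campaign-related
# requests from one client, and a visit to the legitimate openclaw.ai site.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 GET https://github.com/example-org/example-repo/issues/1 200",
    "2024-01-01T10:00:02Z 10.0.0.5 GET https://token-claw.xyz/ 200",
    "2024-01-01T10:00:03Z 10.0.0.5 GET https://token-claw.xyz/static/eleven.js 200",
    "2024-01-01T10:00:05Z 10.0.0.5 POST https://api.watery-compost.today/collect 200",
    "2024-01-01T10:00:06Z 10.0.0.9 GET https://openclaw.ai/ 200",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["client"], h["host"], ", ".join(h["reasons"]))
    print("review wallets for:", affected_clients(found))
    print("\n".join(blocklist_entries()))
```

Subdomain matching matters because the C2 endpoint may sit under a host name other than the bare domain; the legitimate openclaw.ai site is deliberately left out of the indicator list so that only the cloned domain is flagged. The clients returned by `affected_clients()` are the ones whose recent wallet connections and token approvals are worth reviewing, as the article advises.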

🔒 Pro insight: This campaign illustrates the increasing sophistication of social engineering tactics within developer communities, warranting heightened vigilance.

Original article from

CSO Online

