Malware & Ransomware | HIGH

Malicious npm Package Steals macOS Credentials with RAT

The Hacker News
npm, malware, RAT, macOS, OpenClaw

Basically, a fake software package tricked users and stole their passwords on Macs.

Quick Summary

A malicious npm package disguised as an OpenClaw installer is stealing macOS credentials. Users who downloaded it risk exposing sensitive data. Experts recommend immediate uninstallation and password changes.

What Happened

Imagine downloading a software tool that promises to enhance your productivity, only to find out it’s a trap. Recently, cybersecurity researchers uncovered a malicious npm package disguised as an OpenClaw installer. This sneaky package, named @openclaw-ai/openclawai, was uploaded to the npm registry by a user with the handle "openclaw-ai" on March 3, 2026. So far, it has been downloaded 178 times, which means many users may unknowingly be at risk.

This deceptive package is far from harmless. It deploys a remote access trojan (RAT), a type of malware that allows attackers to control infected systems remotely. Once installed, the RAT can steal sensitive information, including login credentials and personal data from macOS devices. The implications are serious, as this could lead to identity theft or unauthorized access to sensitive accounts.

Why Should You Care

You might think this issue only affects developers, but it impacts everyone using a Mac. If you’ve downloaded this package, your personal information could be in jeopardy. Imagine leaving your front door unlocked — a thief could easily walk in and take your valuables. That’s what happens when you download malicious software.

Your bank details, social media accounts, and even work-related information could be exposed. This isn’t just a tech problem; it’s a personal one. Protecting your digital life is as crucial as locking your doors at home. The key takeaway is to always verify software before downloading.

What's Being Done

In response to this threat, cybersecurity experts are urging users to take immediate action. The npm registry is likely working to remove the malicious package, but you shouldn’t wait for that. Here’s what you can do right now:

  • Uninstall the package if you’ve downloaded it.
  • Change your passwords for any accounts accessed from the infected device.
  • Monitor your accounts for any suspicious activity.
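
Before uninstalling, it helps to know where the package actually sits in a project. The following is an added example, not code from the original article: it searches a parsed package.json or package-lock.json for the package name reported above, including nested and aliased installs. The sample lockfile, its other package names and all version strings are constructed for illustration.

```javascript
// Package name as reported on this page.
const TARGET = "@openclaw-ai/openclawai";

// Return every place `name` shows up in a parsed package.json or
// package-lock.json object (lockfile v1, v2 and v3 layouts).
function findPackage(doc, name = TARGET) {
  const hits = [];
  const suffix = "node_modules/" + name;
  const aliasOf = (spec) =>
    typeof spec === "string" && spec.startsWith("npm:" + name + "@");

  // Lockfile v2/v3: "packages" is keyed by install path, so nested copies
  // appear as ".../node_modules/<name>"; aliased installs carry a "name" field.
  for (const [path, meta] of Object.entries(doc.packages || {})) {
    if (path === suffix || path.endsWith("/" + suffix) || meta.name === name) {
      hits.push({ where: path, version: meta.version || null });
    }
  }

  // package.json (values are range strings) and lockfile v1 (values are
  // objects that can nest their own "dependencies").
  const walk = (deps, trail) => {
    for (const [dep, val] of Object.entries(deps || {})) {
      const spec = typeof val === "string" ? val : (val && val.version) || null;
      if (dep === name || aliasOf(spec)) {
        hits.push({ where: trail.concat(dep).join(" > "), version: spec });
      }
      if (val && typeof val === "object") walk(val.dependencies, trail.concat(dep));
    }
  };
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    walk(doc[field], [field]);
  }
  return hits;
}

// Constructed sample lockfile (v3 layout); names other than TARGET and all
// versions are placeholders made up for this example.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "left-pad": "^1.3.0" } },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-cli/node_modules/@openclaw-ai/openclawai": { version: "0.0.0-example" },
    "node_modules/@openclaw-ai/openclawai-utils": { version: "0.0.0-example" },
  },
};
console.log(findPackage(SAMPLE_LOCK));
```

To check a real project, pass the result of `JSON.parse` on its package.json or package-lock.json; an empty array means the name was not found in that file.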

Experts are closely monitoring the situation to see if the attackers will release updates or new versions of the RAT. Staying informed is your best defense against such threats.


🔒 Pro insight: The use of npm packages for malware distribution highlights the need for stringent package verification practices in development environments.

Original article from The Hacker News
