341 OpenClaw skills distribute macOS malware via ClickFix instructions

Created 2/10/2026 at 12:16:47 AM • Edited 2/10/2026 at 12:17:30 AM

https://cyberinsider.com/341-openclaw-skills-distribute-macos-malware-via-clickfix-instructions/?utm_source=chatgpt.com

A major supply-chain attack has been uncovered within the ClawHub skill marketplace for OpenClaw bots, involving 341 malicious skills.

For macOS users, the instructions led to glot.io-hosted shell commands that fetched a secondary dropper from attacker-controlled IP addresses such as 91.92.242.30. The final payload, a Mach-O binary, exhibited strong indicators of the AMOS malware family, including encrypted strings, universal architecture (x86_64 and arm64), and ad-hoc code signing. AMOS is sold as a Malware-as-a-Service (MaaS) on Telegram and is capable of stealing:
Keychain passwords and credentials
Cryptocurrency wallet data (60+ wallets supported)
Browser profiles from all major browsers
Telegram sessions
SSH keys and shell history
Files from user directories like Desktop and Documents

exfiltration-attacks prompt-injection security llm

Public