“Malware, from the Outside!”: How a Threat Actor Used Fake OpenClaw Installers to Infect Systems with GhostSocks and Information Stealers

Threat actors exploited the popularity of OpenClaw by poisoning Bing AI search results with malicious GitHub repositories hosting fake installers, which deployed stealthy information stealers and GhostSocks proxy malware to compromise both Windows and macOS systems, enabling credential theft and bypassing anti-fraud protections.