TI Mindmap HUB
Threat Intelligence Report

Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader

๐Ÿ“… May 8, 2026 ๐Ÿ“ฐ www.zscaler.com ๐Ÿ” 0 CVE(s) referenced

Threat actors are weaponizing AI agentic workflows by disguising malware as OpenClaw "skills," tricking autonomous agents and developers into installing Remcos RAT and GhostLoader for persistent access and data theft across Windows, macOS, and Linux.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle