npm and OpenClaw AI: GhostClaw Mimic as OpenClaw to Steal Everything from Developers

GhostClaw Malware Targets Developers via Rogue npm Package

A sophisticated malware campaign, dubbed GhostClaw, has been uncovered, targeting software developers through a malicious npm package disguised as a legitimate tool. The package, @openclaw-ai/openclawai, masquerades as the "OpenClaw Installer" but deploys GhostLoader, a multi-stage infection chain designed to steal credentials, cryptocurrency wallets, SSH keys, browser sessions, and even iMessage conversations.

Discovered by JFrog Security researchers on March 8, 2026, the malware exploits the npm ecosystem, leveraging social engineering to trick developers into installing it. Once executed, the package reinstalls itself globally via a postinstall hook, embedding a malicious binary in the system’s PATH. The infection begins with an obfuscated setup.js dropper, which initiates a covert payload delivery.

GhostClaw’s data exfiltration is extensive, harvesting:

  • System passwords and macOS Keychain databases
  • Cloud credentials (AWS, GCP, Azure)
  • Cryptocurrency seed phrases (BIP-39)
  • Browser-saved passwords and credit cards (Chromium-based browsers)
  • iMessage history (if Full Disk Access is granted on macOS)

The malware operates across macOS, Linux, and Windows, adapting its credential theft techniques to each platform. Its persistence mechanisms and evasion tactics make it one of the most advanced developer-targeted threats on npm in recent years.

The attack’s social engineering is particularly deceptive. After installation, a fake CLI installer with animated progress bars appears, followed by a spoofed macOS Keychain prompt requesting the user’s admin password. The malware validates the entered attempts against the real OS, while simultaneously fetching an AES-256-GCM-encrypted second-stage payload from trackpipe[.]dev. The decrypted payload, 11,700 lines of JavaScript, installs a hidden framework disguised as an npm telemetry service, enabling long-term data harvesting.

Affected developers are advised to remove the .npm_telemetry directory, check shell configurations for injected hooks, terminate monitor.js processes, and uninstall the package. Due to the malware’s deep system integration, full credential rotation (including SSH keys, API tokens, and crypto wallets) and browser session revocation are critical. A complete system re-image is recommended for thorough remediation.

Source: https://cybersecuritynews.com/ghostclaw-mimic-as-openclaw/

npm, Inc. cybersecurity rating report: https://www.rankiteo.com/company/npm-inc-

OpenClaw cybersecurity rating report: https://www.rankiteo.com/company/openclawai

"id": "NPMOPE1773123849",
"linkid": "npm-inc-, openclawai",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology/Software Development',
                        'location': 'Global',
                        'type': 'Software Developers'}],
 'attack_vector': 'Malicious npm Package (Supply Chain Attack)',
 'customer_advisories': 'Affected developers advised to remove the '
                        '.npm_telemetry directory, check shell configurations, '
                        'terminate monitor.js processes, and uninstall the '
                        'package. Full credential rotation and system re-image '
                        'recommended.',
 'data_breach': {'data_encryption': 'AES-256-GCM (for second-stage payload)',
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII, financial data, '
                                        'authentication credentials)',
                 'type_of_data_compromised': ['System passwords',
                                              'macOS Keychain databases',
                                              'Cloud credentials '
                                              '(AWS/GCP/Azure)',
                                              'Cryptocurrency seed phrases '
                                              '(BIP-39)',
                                              'Browser-saved passwords/credit '
                                              'cards',
                                              'iMessage history']},
 'date_detected': '2026-03-08',
 'date_publicly_disclosed': '2026-03-08',
 'description': 'A sophisticated malware campaign, dubbed GhostClaw, has been '
                'uncovered, targeting software developers through a malicious '
                'npm package disguised as a legitimate tool. The package, '
                "@openclaw-ai/openclawai, masquerades as the 'OpenClaw "
                "Installer' but deploys GhostLoader, a multi-stage infection "
                'chain designed to steal credentials, cryptocurrency wallets, '
                'SSH keys, browser sessions, and even iMessage conversations.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'affected developers and organizations '
                                       'due to credential compromise',
            'data_compromised': 'System passwords, macOS Keychain databases, '
                                'cloud credentials (AWS/GCP/Azure), '
                                'cryptocurrency seed phrases, browser-saved '
                                'passwords/credit cards, iMessage history',
            'identity_theft_risk': 'High (PII, credentials, and sensitive data '
                                   'exfiltrated)',
            'operational_impact': 'Credential theft, potential unauthorized '
                                  'access to cloud environments, '
                                  'cryptocurrency wallets, and sensitive '
                                  'communications',
            'payment_information_risk': 'High (Browser-saved credit cards and '
                                        'payment details stolen)',
            'systems_affected': 'macOS, Linux, Windows'},
 'initial_access_broker': {'backdoors_established': 'Hidden framework '
                                                    'disguised as npm '
                                                    'telemetry service',
                           'entry_point': 'Malicious npm package '
                                          '(@openclaw-ai/openclawai)',
                           'high_value_targets': 'Developers with access to '
                                                 'cloud credentials, '
                                                 'cryptocurrency wallets, and '
                                                 'sensitive systems'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Developers must verify npm packages before installation, '
                    'avoid granting unnecessary permissions (e.g., Full Disk '
                    'Access), and monitor for suspicious post-install scripts. '
                    'Supply chain attacks via package managers are '
                    'increasingly sophisticated.',
 'motivation': 'Data Theft (Credentials, Cryptocurrency, Sensitive '
               'Information)',
 'post_incident_analysis': {'corrective_actions': ['Enhanced npm package '
                                                   'vetting processes',
                                                   'Developer education on '
                                                   'supply chain risks',
                                                   'Implementation of '
                                                   'automated package scanning '
                                                   'tools'],
                            'root_causes': ['Social engineering (disguised npm '
                                            'package)',
                                            'Exploitation of post-install '
                                            'hooks to execute malicious '
                                            'scripts',
                                            'Lack of package verification by '
                                            'developers']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Verify npm package authenticity before installation',
                     'Avoid granting unnecessary system permissions',
                     'Monitor for suspicious post-install scripts or hidden '
                     'directories',
                     'Rotate all credentials, SSH keys, and API tokens after '
                     'potential exposure',
                     'Revoke browser sessions and clear saved passwords',
                     'Consider full system re-imaging for thorough remediation',
                     'Implement multi-factor authentication (MFA) for cloud '
                     'services and critical accounts'],
 'references': [{'date_accessed': '2026-03-08', 'source': 'JFrog Security'}],
 'response': {'communication_strategy': 'Advisories issued to affected '
                                        'developers',
              'containment_measures': 'Remove .npm_telemetry directory, check '
                                      'shell configurations for injected '
                                      'hooks, terminate monitor.js processes, '
                                      'uninstall the package',
              'remediation_measures': 'Full credential rotation (SSH keys, API '
                                      'tokens, crypto wallets), browser '
                                      'session revocation, complete system '
                                      're-image recommended',
              'third_party_assistance': 'JFrog Security researchers'},
 'title': 'GhostClaw Malware Targets Developers via Rogue npm Package',
 'type': 'Malware Campaign',
 'vulnerability_exploited': 'Social Engineering (Disguised as Legitimate npm '
                            'Package)'}