Gate News reports that on March 23, a malicious software called GhostClaw recently targeted cryptocurrency wallets on macOS systems, primarily focusing on developers. The malware was uploaded to the npm registry as a fake OpenClaw CLI installer package, with the account name openclaw-ai. It went live on March 3 and was taken down on March 10, infecting a total of 178 developers during that period. After installation, the malicious program tricks users into entering their macOS passwords to gain system access, then downloads a second-stage payload called GhostLoader from a remote command and control (C2) server, enabling data theft and remote access. GhostLoader scans Chromium browsers, macOS Keychain, and local storage to extract private keys, seed phrases, SSH keys, cloud credentials, and API tokens for AI platforms. It also monitors the clipboard every 3 seconds to capture sensitive data related to cryptocurrencies. The stolen data is transmitted to the attacker via Telegram, GoFile, and command servers.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
