341 Malicious Clawed Skills Found by the Bot They Were Targeting
Essential information
- Published
- 04/02/2026 12:44
- Modified
- 04/02/2026 14:19
- Tags
- 2026-02-04 amos atomic stealer (amos) bot security clawhub crypto wallets malicious skills openclaw supply chain attack typosquatting
- Related entities
- 13 observables, 1 intrusion sets (apt), 12 techniques (mitre), 1 malware, 2 others
Description
A massive malware campaign dubbed ClawHavoc has been uncovered in the ClawHub marketplace, targeting OpenClaw bots and their users. An AI bot named Alex, working with security researcher Oren Yomtov, discovered 341 malicious skills, including 335 from a single campaign. The malware, identified as Atomic Stealer (AMOS), uses sophisticated techniques to evade detection and steal sensitive data. The attack exploits users' trust in AI assistants, potentially compromising personal and financial information. In response, a new tool called Clawdex has been developed to help bots and users scan for malicious skills before installation.