Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

· Published 23/02/2026 22:38 · Modified 24/02/2026 08:52

Essential information

Tags
2026-02-23, ai manipulation, amos, atomic macos stealer (amos), clawhub, macos, openclaw, skillsmp, stealer, supply chain attack
Related entities
29 observables, 14 techniques (mitre), 1 malware, 2 others

Description

A new campaign exploits OpenClaw skills to distribute the Atomic MacOS Stealer (AMOS). This evolution in supply chain attacks manipulates AI agentic workflows to install malware. The campaign spans multiple repositories, with hundreds of malicious skills uploaded to ClawHub and SkillsMP. The infection chain begins with a seemingly harmless SKILL.md file that installs a prerequisite, leading to the download of a Mach-O universal binary. This variant steals extensive data, including credentials, browser data, cryptocurrency wallets, and various user documents. It lacks system persistence but expands its reach by exfiltrating Apple and KeePass keychains. The malware uses sophisticated encryption schemes and targets multiple browsers and cryptocurrency wallets.

External references