How did fake OpenClaw installers spread?

The malicious GitHub repo became the top suggestion in Bing AI search results for OpenClaw Windows, exploiting SEO poisoning.

Are fake OpenClaw installers still active?

The original repos were removed Feb 10, 2026, but duplicates appeared within a day. Always download OpenClaw only from the official repository.

How do I verify my OpenClaw installation is legitimate?

Only install from github.com/openclaw/openclaw. Check the repository owner and avoid any third-party installer repos.

What malware did fake OpenClaw installers deliver?

Vidar credential stealer (stealing Telegram, Steam credentials) and GhostSocks malware for traffic routing through victim systems.

What is the fake OpenClaw installer malware?

Attackers created malicious GitHub repos posing as OpenClaw Windows installers that delivered Vidar credential stealer and GhostSocks proxy malware.

← Back to dashboard

clawsmith.com/signal/fake-openclaw-installers-bing-ghostsocks-malware

⚠ IssueWide OpenLive

Fake OpenClaw installers boosted by Bing AI deliver GhostSocks and Vidar malware

Malicious GitHub repos posing as OpenClaw Windows installers reached top Bing AI search results. Delivered Vidar credential stealer and GhostSocks proxy malware. Active Feb 2-10 2026. Covered by 6+ major security outlets.

Product Idea from this Signal

A CI/CD security gate that blocks OpenClaw deployments failing CVE, config, and network exposure checks

892 ▲

OpenClaw has accumulated 138+ CVEs in under 3 months, with 220,000+ instances exposed to the internet and 63% running without authentication. Kaspersky declared it unsafe for use. Existing tools (SecureClaw, Carapace, ClawSec) run audits after deployment, but nothing blocks a bad deployment from going live. This is a pre-deploy security gate that integrates into CI/CD pipelines, runs automated CVE version checks, config hardening validation, and network exposure scans, and fails the deploy if the instance doesn't meet a configurable security baseline.

CLICI-CDSECURITYDEVOPSOPEN-SOURCE

CompetitiveView Opportunity →