Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Staff Editor 2026-02-16
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html

Publish Date: 2026-02-16 13:43:00

Source Domain: thehackernews.com

Ravie LakshmananFeb 16, 2026Artificial Intelligence / Threat Intelligence

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim’s OpenClaw (formerly Clawdbot and Moltbot) configuration environment.

“This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the ‘souls’ and identities of personal AI [artificial intelligence] agents,” Hudson Rock said.

Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details. Vidar is an off-the-shelf information stealer that’s known to be active since late 2018.

That said, the cybersecurity company said the data capture was not facilitated by a custom OpenClaw module within the stealer malware, but rather through a “broad file-grabbing routine” that’s designed to look for certain file extensions and specific directory names containing sensitive data.

This included the following files –

  • openclaw.json, which contains details related to the OpenClaw gateway token, along with the victim’s redacted email address and workspace path.
  • device.json, which contains cryptographic keys for secure pairing and signing operations within the OpenClaw ecosystem.
  • soul.md, which contains details of the agent’s core operational principles, behavioral guidelines, and ethical boundaries.

It’s worth noting that the theft of the gateway authentication token can allow an attacker to connect to the victim’s local OpenClaw instance remotely if the port is exposed, or even masquerade as the client in authenticated requests to the AI gateway.

“While the malware may have been looking for standard ‘secrets,’ it inadvertently struck gold by capturing the entire operational context of the user’s AI assistant,” Hudson Rock added. “As AI agents like OpenClaw become more integrated into professional workflows,…

Source

More Stories

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

Staff Editor 2026-06-06
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

Staff Editor 2026-06-06
When Steve Jobs Revealed The iPhone, Most Of The Industry Shrugged. CrowdStrike CEO Says AI Could Be Anot

When Steve Jobs Revealed The iPhone, Most Of The Industry Shrugged. CrowdStrike CEO Says AI Could Be Anot

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy