Malware-laced OpenClaw installers get Bing AI search boost • The Register

https://www.theregister.com/2026/03/04/fake_openclaw_installers_malware/

Publish Date: 2026-03-04 15:50:00

Source Domain: www.theregister.com

OpenClaw, the AI agent that can manage just about anything, is risky all by itself, but now fake installers for it are wreaking havoc. Users who searched Bing’s AI results for “OpenClaw Windows” were directed to a malicious GitHub repository that delivered information stealers and GhostSocks onto their machines.

The malicious repositories, available on GitHub between February 2 and 10, are yet another example of how quickly scammers co-opt buzzy new technologies and use their popularity to steal credentials and other sensitive data.

In addition to capitalizing on OpenClaw’s popularity, this scam had two other key factors contributing to its success. First, the malware was hosted on GitHub, which users trust. OpenClaw has tens of thousands of forks hosted on GitHub, so users who see the fake installers are more likely to believe they are legitimate code. Plus, this one was connected to a GitHub organization called openclaw-installer, which made it all the more believable.

Second, the Bing AI search results lent credibility. Simply hosting the malware on GitHub was enough to poison the search results and propel the malicious repo to the top suggestion when someone searched “OpenClaw Windows.”

Huntress’ security researchers spotted the malware on February 9 after a user downloaded and ran the fake installer. “Analysis revealed that this user had searched for the term OpenClaw Windows through Bing and had the AI suggestion link directly to a newly-created malicious GitHub repository openclaw-installer,” Huntress threat analysts Jai Minton and Ryan Dowd said in a Wednesday blog.

The account and repository have since been removed.

There were clues, however, that the repo and the account were phony. The account joined GitHub in September 2025, and didn’t have any public actions until it opened an issue on the official…
