Threat actors are increasingly targeting the OpenClaw agentic AI assistant framework, with Hudson Rock reporting the first in-the-wild instance of infostealers harvesting its configuration files. A variant of the Vidar malware was observed exfiltrating sensitive data including openclaw.json and device.json, which contain API keys, authentication tokens, and private keys used for identity verification and cloud service access.
The theft of these files, specifically the agent's "soul" and memory logs, allows attackers to bypass security checks and potentially compromise a victim's entire digital identity. Additionally, a critical vulnerability (CVE-2026-2577) was discovered in the related nanobot framework, highlighting the growing security risks associated with the rapid adoption of local AI agent frameworks and their relatively lax security posture.
Top comments (0)