Infostealers Begin Harvesting OpenClaw AI Agent Secrets

Security researchers have documented the first real-world instance of information-stealing malware targeting configuration files belonging to the popular OpenClaw AI assistant framework. Formerly known as ClawdBot and MoltBot, OpenClaw operates as a locally running persistent agent that maintains configuration environments containing sensitive authentication data. Hudson Rock detected a live infection where a Vidar infostealer variant exfiltrated files from a victim's ".openclaw" directory during a broad file-grabbing routine.

The stolen files included openclaw.json containing email addresses and gateway tokens, device.json with cryptographic key pairs used for signing operations, and soul.md along with memory files storing daily activity logs and contextual data. Security analysts warn that possession of this combined information could enable complete digital identity compromise, allowing attackers to bypass device verification checks and access encrypted cloud services. The malware's harvesting routine scanned for keywords like "token" and "private key," inadvertently capturing the AI agent's entire operational context.

This development represents a significant evolution in infostealer targeting, moving beyond traditional browser credentials toward AI agent identities. Experts predict that as OpenClaw becomes increasingly integrated into professional workflows, malware developers will likely release specialized modules designed specifically to parse these configuration files. The incident underscores growing security concerns surrounding locally stored AI agent credentials and the need for enhanced protection mechanisms for frameworks that maintain persistent access to sensitive user data.
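A defender-side illustration of the pattern described above, added here and not taken from the article or from the OpenClaw project: it scans constructed file-access telemetry for reads of the named secret files (openclaw.json, device.json, soul.md, memory files) by processes other than the agent, and for the broad "grab several secrets at once" behaviour the stealer exhibited. The log format, the field names, and the agent process name "openclaw" are assumptions.

```python
"""Flag suspicious reads of OpenClaw agent secrets in file-access telemetry.
Assumed input: JSON lines with "ts" (unix seconds), "proc" and "path" fields.
"""
import json
import posixpath
from collections import defaultdict

# Files the article reports as exfiltrated from the ~/.openclaw directory.
SENSITIVE_NAMES = {"openclaw.json", "device.json", "soul.md"}
TRUSTED_PROCS = {"openclaw"}   # assumed name of the legitimate agent binary
SWEEP_WINDOW = 5.0             # seconds; several secrets read this fast looks like a grab routine
SWEEP_MIN_FILES = 3

def is_sensitive(path):
    """True for the known config files or anything under .openclaw/memory/."""
    parts = path.split("/")
    if ".openclaw" not in parts:
        return False
    tail = parts[parts.index(".openclaw") + 1:]
    return posixpath.basename(path) in SENSITIVE_NAMES or bool(tail and tail[0] == "memory")

def analyze(lines):
    """Return (kind, proc, detail) findings for a sequence of JSON log lines."""
    findings = []
    per_proc = defaultdict(list)  # proc -> [(ts, path)] of sensitive reads
    for line in lines:
        ev = json.loads(line)
        if not is_sensitive(ev["path"]):
            continue
        if ev["proc"] not in TRUSTED_PROCS:
            findings.append(("untrusted_read", ev["proc"], ev["path"]))
        per_proc[ev["proc"]].append((ev["ts"], ev["path"]))
    # Sweep detection: distinct secret files touched by one process inside SWEEP_WINDOW.
    for proc, reads in per_proc.items():
        reads.sort()
        for i, (t0, _) in enumerate(reads):
            window = {p for t, p in reads[i:] if t - t0 <= SWEEP_WINDOW}
            if len(window) >= SWEEP_MIN_FILES:
                findings.append(("secret_sweep", proc, sorted(window)))
                break
    return findings

# Constructed sample telemetry: the agent reading its own config, a benign read,
# then an unknown process pulling three secrets within about a second.
SAMPLE_LOG = [
    '{"ts": 100.0, "proc": "openclaw", "path": "/home/u/.openclaw/openclaw.json"}',
    '{"ts": 100.4, "proc": "bash", "path": "/home/u/notes.txt"}',
    '{"ts": 200.0, "proc": "unknown_updater", "path": "/home/u/.openclaw/openclaw.json"}',
    '{"ts": 200.7, "proc": "unknown_updater", "path": "/home/u/.openclaw/device.json"}',
    '{"ts": 201.3, "proc": "unknown_updater", "path": "/home/u/.openclaw/memory/2024-01-01.md"}',
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```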
