Huntress researchers said actors used a malicious repository on GitHub to lure victims into downloading a bogus OpenClaw installer that delivered infostealer malware and the GhostSocks proxy. The fake installer was given greater legitimacy by being hosted on GitHub and its high ranking in Bing AI searches.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2026/03/latest-openclaw-security-risk-fake-github-repositories-used-to-deploy-infostealers/
