{"id":4527,"date":"2026-02-17T09:37:01","date_gmt":"2026-02-17T09:37:01","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/02\/17\/infostealer-targets-openclaw-to-loot-victims-digital-life\/"},"modified":"2026-02-17T09:37:01","modified_gmt":"2026-02-17T09:37:01","slug":"infostealer-targets-openclaw-to-loot-victims-digital-life","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/02\/17\/infostealer-targets-openclaw-to-loot-victims-digital-life\/","title":{"rendered":"Infostealer Targets OpenClaw to Loot Victim\u2019s Digital Life"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Security researchers claim to have documented a major shift in the infostealer landscape after witnessing the first live attack targeting an OpenClaw configuration environment.<\/p>\n<p>Formerly known as Clawdbot and Moltbot, OpenClaw is a popular agentic AI assistant that runs locally on a user\u2019s machine.<\/p>\n<p>The permissions users grant it to access sensitive data and systems,\u00a0insecure default settings and plaintext storage of secrets have raised eyebrows in the security community.<\/p>\n<p>Now threat actors appear to be actively hunting for those secrets, according to Hudson Rock.<\/p>\n<p>\u201cThe infostealer utilized a broad file-grabbing routine designed to sweep for sensitive file extensions and specific directory names (like\u00a0.openclaw),\u201d the firm wrote in a blog post yesterday.<\/p>\n<p>\u201cWhile the malware may have been looking for standard \u2018secrets,\u2019 it inadvertently struck gold by capturing the entire operational context of the user\u2019s AI 
assistant.\u201d<\/p>\n<p>The infostealer documented by Hudson Rock stole:<\/p>\n<ul>\n<li>The openclaw.json file, which enabled it to retrieve the victim\u2019s email address, workspace path and high-entropy gateway token. The latter could enable an attacker to remotely connect to a local OpenClaw instance via an exposed port, or impersonate the client in authenticated requests to the AI gateway, the report noted<\/li>\n<li>The device.json file which contains the publicKeyPem and privateKeyPem of the user\u2019s device. These\u00a0are used for secure pairing and signing operations in OpenClaw. An attacker with the private key could apparently bypass \u201csafe device\u201d checks, and access encrypted logs or paired cloud services<\/li>\n<li>The soul.md and memory files (agents.md, memory.md), which provide a threat actor with \u201ca blueprint of the user\u2019s life.\u201d Hudson Rock warned that the memory files likely contained sensitive daily logs of user activities, calendar events and private messages<\/li>\n<\/ul>\n<p>\u201cHudson Rock\u2019s AI system, Enki, performed an automated risk assessment on the exfiltrated files,\u201d the report continued. 
\u201cThe analysis demonstrates how an attacker can leverage these disparate pieces of information, including tokens, keys, and personal context, to orchestrate a total compromise of the user\u2019s digital identity.\u201d<\/p>\n<h2><strong>A New Era<\/strong><\/h2>\n<p>The infostealer spotted in this attack was not specially designed to target Clawdbot or similar tools, but that is likely to change in the near future, Hudson Rock said.<\/p>\n<p>\u201cAs AI agents like OpenClaw become more integrated into professional workflows, infostealer developers will likely release dedicated modules specifically designed to decrypt and parse these files, much like they do for Chrome or Telegram today,\u201d it predicted.<\/p>\n<p>\u201cBy stealing OpenClaw files, an attacker does not just get a password; they get a mirror of the victim\u2019s life, a set of cryptographic keys to their local machine, and a session token to their most advanced AI models.\u201d<\/p>\n<p>Security experts have previously warned of a shadow AI risk if users link OpenClaw to enterprise systems.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers claim to have documented a major shift in the infostealer landscape after witnessing the first live attack targeting an OpenClaw configuration environment. Formerly known as Clawdbot and Moltbot, OpenClaw is a popular agentic AI assistant that runs locally on a user\u2019s machine. 
The permissions users grant it to access sensitive data and systems,\u00a0insecure<\/p>\n","protected":false},"author":2,"featured_media":4528,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4527","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4527-4742fa0f-5e53-40e0-85cc-31d5fb8489a9-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"
category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4527"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4527\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4528"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}