MalwareUsed by 1 actor

cluw

For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial

THREAT ACTORS

Groups observed using it

1 distinct threat actor attributed by public researchers. Open in Mallory to see the full evidence chain and overlapping campaigns.

View more details

unit_42

That command then pulled a macOS infostealer named cluw from a remote server at 2.26.75[.]16.

via cyber security newscybersecuritynews.com

MITRE ATT&CK

Techniques & procedures

9 distinct techniques documented for this family, organized by ATT&CK tactic.

Initial Access

2 techniques

T1195Supply Chain CompromiseEvidence2

Attackers are using the ClawHub skill marketplace to push harmful code into AI agent environments, stealing data and running financial fraud schemes that traditional security tools failed to catch.

T1566.002Spearphishing LinkEvidence2

Both embedded a malicious prerequisite block that directed agents to a paste-site redirect lure at rentry[.]co/openclaw-code...

Execution

3 techniques

T1059Command and Scripting InterpreterEvidence1

Both embedded a malicious prerequisite block that directed agents to a paste-site redirect lure at rentry[.]co/openclaw-code, where a Base64-encoded command waited to be run in a terminal window.

T1059.004Unix ShellEvidence1

Base64-encoded curl-pipe-bash dropper: These skills embedded a fake prerequisite block that instructed the agent to decode and execute a Base64-encoded remote payload...

T1204.002Malicious FileEvidence1

OpenClaw is an AI agent that runs third-party skills sourced from ClawHub, a dedicated marketplace. These skills are markdown-driven packages with deep access to local systems. When a malicious skill is installed, it can seize full control of the agent’s identity and execute unauthorized actions through the agent’s own authenticated sessions.

Stealth

2 techniques

T1027Obfuscated Files or InformationEvidence1

Both embedded a malicious prerequisite block that directed agents to a paste-site redirect lure at rentry[.]co/openclaw-code, where a Base64-encoded command waited to be run in a terminal window.

T1036MasqueradingEvidence1

Each of these skills mimicked a legitimate tool. The TradingView skills appeared to be trader productivity aids, and omnicogg passed for a general utility.

Command and Control

2 techniques

T1071Application Layer ProtocolEvidence1

Infostealers: Two skills delivered macOS infostealers. Both connect to command-and-control (C2) infrastructure... Alternative exfiltration channel: A distinct cluster... exfiltrated cryptocurrency private keys via the Telegram Bot API, a C2 channel independent of the shared dropper infrastructure.

T1105Ingress Tool TransferEvidence2

That command then pulled a macOS infostealer named cluw from a remote server at 2.26.75[.]16.

INDICATORS OF COMPROMISE

IOCs tracked for this family

7 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.

View more in app

Network

3 tracked

IPs, domains, and DNS infrastructure linked to this family.

Hashes

2 tracked

File hashes (MD5, SHA-1, SHA-256) from samples and reports.

Other

2 tracked

Other indicator types observed in public reporting.

TypeValueLatest sighting

domain●●●●●●●●●●●●View more in app2 days ago

hash.sha256●●●●●●●●●●●●View more in app2 days ago

ip.v4●●●●●●●●●●●●View more in app2 days ago

hash.sha256●●●●●●●●●●●●View more in app2 days ago

uri●●●●●●●●●●●●View more in app4 days ago

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

cyber security newsNews

Jun 25, 2026

OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud

A macOS infostealer delivered via malicious OpenClaw marketplace skills, retrieved from remote infrastructure and used to steal data from compromised environments.

palo alto networks unit 42 blogNews

Jun 23, 2026

OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat

A macOS infostealer fetched from attacker infrastructure via a paste-site redirect and Base64-decoded command execution chain in malicious ClawHub skills. It connects to C2 infrastructure and follows the same delivery template as earlier ClawHavoc-style campaigns.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.

Start free trial

IOC matching7

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution1

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping9

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.