Infostealer Malware Found Stealing OpenClaw Secrets for First Time

OpenClaw’s rapid rise as a locally‑run AI agent framework has made it a staple in productivity pipelines, from email automation to cloud‑service orchestration. The platform stores its operational parameters, authentication tokens, and cryptographic keys in a hidden ".openclaw" directory, effectively acting as a vault for the assistant’s identity. Because the files are plain‑text and often contain high‑entropy secrets, they present an attractive target for threat actors seeking to leverage legitimate AI capabilities for malicious purposes.

The February 13 incident uncovered by Hudson Rock illustrates how traditional infostealers are evolving. A Vidar‑derived sample executed a generic file‑search routine, flagging any document containing keywords like "token" or "private key". When it encountered OpenClaw’s configuration bundle—openclaw.json, device.json, and the soul.md memory files—it harvested API credentials, private PEM keys, and personal context data. With these artifacts, an adversary could spoof the victim’s device, bypass Safe Device checks, and issue authenticated requests to cloud AI services, effectively hijacking the user’s digital persona.

Security professionals should treat AI assistant configurations as critical assets, applying the same hardening measures used for browsers and password managers. Recommendations include encrypting the ".openclaw" directory, enforcing strict file‑system permissions, and integrating endpoint detection that flags bulk file‑access patterns. As AI assistants become embedded in enterprise workflows, the threat landscape will likely see a surge in malware engineered to harvest "agent souls"—the persistent, context‑rich data that powers personalized AI. Proactive monitoring and rapid patching will be essential to prevent the next wave of AI‑focused credential theft.