Malicious OpenClaw ‘skill’ targets crypto users on ClawHub — 14 malicious skills were uploaded to ClawHub last month

Source

Tom's Hardware

TL;DR

AI Generated

Security researchers have identified 14 malicious "skills" uploaded to ClawHub, a public registry for OpenClaw users, between January 27 and 29. These skills pretend to be crypto trading or wallet tools but actually deliver malware to users' systems. The malware targeted both Windows and macOS users and used social engineering techniques to spread. Users were tricked into running obfuscated terminal commands that fetched and executed remote scripts. The incident highlights the risks of introducing third-party code into OpenClaw's ecosystem, emphasizing the need for caution and scrutiny when installing skills from public registries.

Similar Articles

Tennessee bans crypto ATMs that have become 'payment portal of choice for scammers' — second state to restrict machines after Indiana

Tennessee has joined Indiana in banning cryptocurrency ATMs due to their association with scams and fraud, with Minnesota considering similar legislation. The FBI has warned of significant losses due to fraud involving these machines. Despite not being inherently fraudulent, cybercriminals exploit crypto ATMs to steal funds from victims who mistakenly believe they offer the same protections as banks. Law enforcement actions against operators like Bitcoin Depot and Athena Bitcoin highlight the growing concerns around crypto ATM scams, leading to increased regulatory measures across states to protect consumers.

Tom's Hardware
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Grinex, a US-sanctioned cryptocurrency exchange in Kyrgyzstan, announced a $15 million heist allegedly orchestrated by hackers linked to "unfriendly states." TRM researchers confirmed the theft, noting more drained addresses than initially reported by Grinex. The attack targeted Russian users, with Grinex attributing it to a coordinated effort to harm Russia's financial sovereignty. TokenSpot, another Kyrgyzstan-based exchange, was also breached, with both exchanges becoming inoperable on Wednesday. The US Treasury Department had previously sanctioned Grinex's predecessor, Garantex, for facilitating ransomware actors and cybercriminals.

Ars Technica
HWMonitor and CPU-Z developer CPUID breached by unknown attackers — cyberattack forced users to download malware instead of valid apps for six hours

Unknown attackers breached the website of CPUID, the developer of HWMonitor and CPU-Z, serving users infected files instead of legitimate ones for six hours. The malware aimed to steal browser credentials, particularly from Google Chrome. The breach was fixed, and CPUID's original files were not compromised. Supply chain attacks like this have become more common, with popular tech tools being targeted to distribute malware. Users who downloaded the infected files may have had their systems compromised.

Tom's Hardware
$21 billion stolen from more than 1 million Americans due to cybercrime in 2025 — $11 billion come from stolen crypto, $8.6 billion taken from investment scams, while AI-related attacks cost $893 million

In 2025, cybercrime resulted in $21 billion being stolen from over 1 million Americans, with $11 billion coming from stolen cryptocurrency, $8.6 billion from investment scams, and $893 million from AI-related attacks. The FBI reported that scammers are increasingly using AI to perpetrate crimes, such as creating deepfake videos and fake social profiles. The agency also noted that most losses were due to investment scams, followed by business email compromise and tech/customer support scams. Despite efforts like the Recovery Asset Team freezing over $678 million in stolen funds, scammers continue to exploit technological advancements, making it challenging to combat these crimes.

Tom's Hardware
