OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets
Crypto scammers are targeting developers by impersonating the OpenClaw AI agent project in a phishing campaign, aiming to steal digital wallets. Attackers create fake GitHub accounts, post issues in attacker-controlled repositories, and tag developers, claiming they have won $5,000 in $CLAW tokens. Victims are directed to a fraudulent site mimicking openclaw.ai, but with a "Connect your wallet" button that activates wallet-theft malware. The malware, hidden in heavily obfuscated JavaScript, erases traces to hinder investigation and tracks user wallet activity, sending stolen data to a command server. Attackers target developers who starred OpenClaw-related repositories to increase credibility. At least one wallet used to collect illicit funds was identified. The accounts used in the campaign are quickly deleted, with no confirmed victims reported so far. OpenClaw, recently acquired by OpenAI, saw a surge in popularity and subsequent spam, prompting a Discord ban on coin promotion. OX Security recommends blocking suspicious domains, skeptical treatment of GitHub-aired token giveaways, and immediate revocation of wallet approvals if recently connected to untrusted sites.
