Hackers Abuse Bing AI Search to Spread Malware Through Fake OpenClaw Installers


bing ai openclaw malware

Microsoft has recently warned about hackers abusing OAuth applications for phishing, and earlier incidents showed attackers spreading malware using legitimate digital certificates. Now researchers say malicious actors have used Bing’s AI-enhanced search results to distribute malware.

Attackers promoted fake OpenClaw installers hosted on GitHub, which Bing’s AI search recommended when users searched for the Windows version of the open-source AI agent.

OpenClaw is an open-source AI agent that has become popular among developers and AI enthusiasts. Threat actors attempted to exploit that popularity by publishing malicious GitHub repositories that impersonated legitimate OpenClaw installers.

Security researchers at Huntress discovered the campaign after identifying several repositories that appeared legitimate at first glance.

The attackers attempted to make the projects look trustworthy by using a GitHub organization name similar to the real one, such as openclaw-installer. The repositories also copied code from the Cloudflare moltworker project to give the appearance of authentic development activity.

Source: Huntress

Bing’s AI search reportedly recommended one of these repositories when users searched for a Windows version of OpenClaw, directing victims to the malicious installation instructions.

macOS users targeted with Terminal command

The attack chain for macOS relied on social engineering through installation instructions.

Users were told to run a bash command in Terminal, which downloaded additional files from another GitHub repository controlled by the attackers.

The downloaded payload ultimately installed Atomic Stealer, a macOS information-stealing malware designed to extract sensitive data from infected machines.

Windows installers deployed multiple malware loaders

Windows users encountered fake installers such as OpenClaw_x64.exe, which delivered several malicious executables.

Many of the payloads were Rust-based malware loaders designed to deploy additional malware after the initial infection.

Researchers identified two major malware families used in the campaign.

One was Vidar infostealer, a credential-stealing malware that retrieves command-and-control instructions through Telegram channels and Steam profiles.

The other was GhostSocks, a backconnect proxy malware that converts infected systems into proxy nodes that attackers can use to route malicious traffic.

Infected machines could be used for credential theft and proxy networks

Once installed, the malware could allow attackers to steal credentials and other sensitive information from victims’ devices.

Compromised systems could also bypass fraud detection systems or route malicious traffic through the infected machine, helping attackers conceal their activity.

Researchers tracked several GitHub accounts and repositories involved in the campaign and reported them to GitHub.

The incident highlights a growing trend in cybercrime where attackers exploit trusted platforms and tools to spread malware.

Security experts recommend downloading software only from official repositories or verified project pages and bookmarking trusted sources instead of relying solely on search results.

In separate cybersecurity news, researchers have also warned about a Google-themed phishing campaign currently circulating online that attempts to steal account credentials.

Via Bleeping Computer

More about the topics: Bing AI, malware, OpenClaw

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

User forum

0 messages