Infostealer Malware Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
Key Findings
Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim's OpenClaw configuration environment.
The incident marks a significant evolution in infostealer behavior, transitioning from stealing browser credentials to targeting the identities, settings, and "digital souls" of personal AI agents.
The stolen files included openclaw.json with gateway tokens, device.json containing private cryptographic keys, and "soul" and memory files outlining the agent's behavior and personal context.
This data could allow attackers to impersonate the user's device, access encrypted services, and effectively compromise the victim's entire digital identity.
Background
OpenClaw is an open-source personal AI assistant platform that allows users to extend its capabilities by installing community-created "skills." Formerly known as MoltBot and ClawdBot, it integrates with tools like Claude Code and often runs locally or via messaging apps, enabling skills to automate tasks but also creating security risks if malicious skills are installed.
Infostealer Infection
The infostealer did not use a dedicated OpenClaw module. Instead, a broad file-harvesting routine that collects files with sensitive extensions and whole folders incidentally captured the full operational environment of the victim's OpenClaw AI agent.
The openclaw.json file contained the victim's email address (redacted in the published report), workspace path, and a high-entropy Gateway Token, which could allow an attacker to connect to the victim's local OpenClaw instance remotely or impersonate the client in authenticated requests to the AI gateway.
The device.json file included cryptographic keys for secure pairing and signing operations within the OpenClaw ecosystem.
The "soul.md" file outlined the agent's core operational principles, behavioral guidelines, and ethical boundaries.
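The files described above were taken by a generic harvester, so the defensive question is whether agent config files on a machine hold credential-like material and whether their permissions would let any other local process read them. The following is an added example of such an audit (it is not code from the article or from the OpenClaw project): it walks a JSON config, flags long strings whose Shannon entropy is close to random (the "high-entropy token" pattern the report describes), and reports group- or world-readable mode bits. The sample openclaw.json content and its key names ("email", "workspace", "gatewayToken") are constructed for the example; the article does not give the real schema or file location, so the audit takes a path argument.

```python
import json
import math
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample standing in for a stolen openclaw.json. The article says the
# file holds the user's email, a workspace path and a high-entropy gateway token;
# the key names used here ("email", "workspace", "gatewayToken") are assumptions,
# not the project's real schema, and the token value is random filler.
SAMPLE_OPENCLAW_JSON = {
    "email": "user@example.invalid",
    "workspace": "/home/user/openclaw-workspace",
    "gatewayToken": "q7Zx9pL2mN4vB8cR1tY6wE3uI0oA5sD7fG9hJ2kL4zX6",
    "theme": "dark",
}


def shannon_entropy(s: str) -> float:
    """Bits per character, estimated from the string's own symbol frequencies."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_secret_like_values(obj, min_len=20, min_bits=4.0, path="$"):
    """Walk parsed JSON and return the JSON paths of strings that look like
    credentials: at least min_len characters and close to uniformly random.
    Paths, not values, are returned so the audit report cannot itself leak a token.
    File paths and e-mail addresses usually sit below 4 bits/char; random
    base62 tokens of this length are well above it."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            hits += find_secret_like_values(value, min_len, min_bits, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits += find_secret_like_values(value, min_len, min_bits, f"{path}[{i}]")
    elif isinstance(obj, str) and len(obj) >= min_len and shannon_entropy(obj) >= min_bits:
        hits.append(path)
    return hits


def permission_findings(mode: int) -> list:
    """Report any group or world access bits on a file mode (expects st_mode)."""
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP):
        findings.append("group-accessible")
    if mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH):
        findings.append("world-accessible")
    return findings


def audit_config_file(path: Path) -> dict:
    """Audit one JSON config file: loose permissions plus embedded secret-like strings.
    Either finding means the file is worth tightening and, if it was ever
    exposed, rotating the credentials it contains."""
    mode = path.stat().st_mode
    with path.open("r", encoding="utf-8") as fh:
        data = json.load(fh)
    return {
        "file": str(path),
        "permissions": permission_findings(mode),
        "secret_like": find_secret_like_values(data),
    }


def demo() -> dict:
    """Write the constructed sample with a typical default-umask mode (0644) into a
    temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "openclaw.json"
        cfg.write_text(json.dumps(SAMPLE_OPENCLAW_JSON), encoding="utf-8")
        os.chmod(cfg, 0o644)
        return audit_config_file(cfg)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run against the constructed sample, the audit reports the file as group- and world-readable and flags only `$.gatewayToken` as secret-like; the e-mail address and workspace path stay under the entropy threshold. The same scanner applied to a device.json would flag base64-encoded key material for the same reason. Because the report carries JSON paths rather than values, it can be shipped to a central log without becoming a second copy of the token.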
Implications
The theft of the gateway authentication token can allow an attacker to connect to the victim's local OpenClaw instance remotely or masquerade as the client in authenticated requests to the AI gateway.
As AI agents like OpenClaw become more integrated into professional workflows, infostealer developers will likely release dedicated modules specifically designed to decrypt and parse these files, much like they do for Chrome or Telegram today.
The disclosure comes as security issues with OpenClaw have prompted the maintainers to announce partnerships and initiatives to address the growing threats.
Sources
https://securityaffairs.com/188097/malware/hackers-steal-openclaw-configuration-in-emerging-ai-agent-threat.html
https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html
http://www.news4hackers.com/infostealer-malware-steals-openclaw-ai-agent-config-files-and-gateway-tokens/