Rewards Hub SlowMist has issued a warning regarding a malicious npm package named "@openclaw-ai/openclawai". This package poses as a legitimate command-line tool, OpenClaw Installe, but is designed to execute a multi-layered attack chain. It targets and steals sensitive information, including system credentials, encrypted wallet private keys, browser data, SSH keys, and Apple Keychain databases. Users are advised to exercise caution and verify the authenticity of npm packages before installation.
SlowMist Warns of Malicious npm Package Targeting System Credentials
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.