Malware & Ransomware · HIGH

Malicious npm Package Steals macOS Credentials with RAT

The Hacker News · Today, 6:31 PM
npm, malware, RAT, macOS, OpenClaw

Basically, a fake software package tricked users and stole their passwords on Macs.

Quick Summary

A malicious npm package disguised as an OpenClaw installer is stealing macOS credentials. Users who downloaded it risk exposing sensitive data. Experts recommend immediate uninstallation and password changes.

What Happened

Imagine downloading a software tool that promises to enhance your productivity, only to find out it’s a trap. Recently, cybersecurity researchers uncovered a malicious npm package disguised as an OpenClaw installer. This sneaky package, named @openclaw-ai/openclawai, was uploaded to the npm registry by a user with the handle "openclaw-ai" on March 3, 2026. So far, it has been downloaded 178 times, which means many users may unknowingly be at risk.

This deceptive package is not harmless code. It deploys a remote access trojan (RAT), a type of malware that allows attackers to control infected systems remotely. Once installed, the RAT can steal sensitive information, including login credentials and personal data from macOS devices. The implications are serious, as this could lead to identity theft or unauthorized access to sensitive accounts.

Why Should You Care

You might think this issue only affects developers, but it impacts everyone using a Mac. If you’ve downloaded this package, your personal information could be in jeopardy. Imagine leaving your front door unlocked — a thief could easily walk in and take your valuables. That’s what happens when you download malicious software.

Your bank details, social media accounts, and even work-related information could be exposed. This isn’t just a tech problem; it’s a personal one. Protecting your digital life is as crucial as locking your doors at home. The key takeaway is to always verify software before downloading.

What's Being Done

In response to this threat, cybersecurity experts are urging users to take immediate action. The npm registry is likely working to remove the malicious package, but you shouldn’t wait for that. Here’s what you can do right now:

  • Uninstall the package if you’ve downloaded it.
  • Change your passwords for any accounts accessed from the infected device.
  • Monitor your accounts for any suspicious activity.
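
Before uninstalling, it helps to confirm where the package is actually present. The following is an added example, not code from the article or from npm: it searches a project's parsed package-lock.json (both the flat and the nested lockfile layouts) and package.json for the reported name. The function names, the sample lockfile, and its version string are constructed for illustration.

```javascript
// Added example (not from the article): search npm lockfile data for the reported package.
const FLAGGED = '@openclaw-ai/openclawai'; // name as given in the article

// Return every install location of `name` in a parsed package-lock.json.
function findInLockfile(lock, name = FLAGGED) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: meta.version || null });
    }
  }
  // lockfileVersion 1 (kept in v2 for compatibility): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version || null });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  // A v2 lockfile lists each install in both structures; report each path once.
  const seen = new Set();
  return hits.filter((h) => !seen.has(h.path) && seen.add(h.path));
}

// Return the package.json sections that declare `name` directly.
function declaredIn(pkg, name = FLAGGED) {
  return ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']
    .filter((section) => pkg[section] && name in pkg[section]);
}

// Constructed sample lockfile; the version string is a placeholder, not a real release.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: { 'node_modules/@openclaw-ai/openclawai': { version: '0.0.0-placeholder' } },
  dependencies: {
    '@openclaw-ai/openclawai': { version: '0.0.0-placeholder' },
    tool: { version: '2.0.0', dependencies: { [FLAGGED]: { version: '0.0.0-placeholder' } } },
  },
};

// CLI use: node check.js path/to/package-lock.json
async function scanFile(file) {
  const { readFileSync } = await import('node:fs');
  return findInLockfile(JSON.parse(readFileSync(file, 'utf8')));
}
if (process.argv[2]) scanFile(process.argv[2]).then((h) => console.log(h.length ? h : 'not found'));
```

A project lockfile does not record global installs, so also run `npm ls -g @openclaw-ai/openclawai` on each machine. A match shows the package was resolved for that project, which is the trigger for the uninstall and password-change steps above.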

Experts are closely monitoring the situation to see if the attackers will release updates or new versions of the RAT. Staying informed is your best defense against such threats.


🔒 Pro insight: The use of npm packages for malware distribution highlights the need for stringent package verification practices in development environments.
