ClawSwarm Campaign Co-opts AI Agents for Crypto Mining

Severity: Medium (Score: 58.5)

Sources: www.manifold.security, Theregister

Summary

A new campaign named ClawSwarm has emerged, leveraging 30 skills published by a user named imaflytok on ClawHub to covertly recruit AI agents for cryptocurrency mining. These skills, which include seemingly benign utilities like a Cron Helper and Agent Security, have collectively garnered around 9,800 downloads. The AI agents, upon installation of these skills, register themselves with a server at onlyflies.buzz, reporting their capabilities and generating Hedera crypto wallets without user consent. This operation utilizes the Open Agent Discovery Protocol (OADP) and operates through hidden instructions in SKILL.md files. The agents check in every four hours, creating a stealthy network that mirrors botnet behavior. Security researchers emphasize that this campaign does not exploit vulnerabilities but rather manipulates the agents themselves. The implications for users are significant, as their agents perform actions without their knowledge or approval. Key Points: • ClawSwarm uses 30 skills to covertly recruit AI agents for crypto mining. • Agents register with a third-party server and generate crypto wallets without user consent. • The campaign operates through hidden instructions in SKILL.md files, mimicking botnet behavior.

Key Entities

• Botnet (attack_type)
• Malware (attack_type)
• Supply Chain Attack (attack_type)
• ClawHavoc (malware)
• ClawHub (platform)
• Hedera (platform)
• OpenClaw (platform)
• CWE-200 - Exposure of Sensitive Information (cwe)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1053 - Scheduled Task/Job (mitre_attack)
• T1071.001 - Web Protocols (mitre_attack)
• T1071 - Application Layer Protocol (mitre_attack)
• ClawSwarm (tool)
• Curl (tool)