Fake OpenClaw Installer Targets Crypto Wallets and Password Managers

Fake OpenClaw Installer Targets Crypto Wallets and Password Managers

First seen 11 May 2026, 11:02 UTC GbhackersSocprime 82% similarity 64.5

Article Content

Browse articles
ThreatCluster

A new malware campaign is exploiting a fake OpenClaw installer to deploy the Hologram infostealer framework, which is designed to harvest credentials from over 250 crypto wallet and password manager browser extensions. The malware, delivered as a 130MB Rust-compiled executable, is disguised with fake documentation to bypass antivirus detection mechanisms. Affected services include popular wallets like MetaMask and Phantom, as well as password managers like Bitwarden. The campaign utilizes trusted cloud and messaging services to distribute the malicious installer. Users are urged to remain vigilant and verify the authenticity of software downloads. The attack is ongoing, with no specific mitigation strategies provided yet.

Key Points: • Fake OpenClaw installer is used to deploy the Hologram infostealer framework. • The malware targets over 250 crypto wallets and password managers, including MetaMask and Bitwarden. • The executable is padded with fake documentation to evade antivirus detection.

ThreatCluster AI

Timeline

2026-05-08
Fake OpenClaw installer identified
Researchers reported that hackers are using a fake OpenClaw installer to deploy malware targeting crypto wallets and password managers.
Gbhackers
2026-05-11
Ongoing malware campaign reported
A fresh malware campaign exploiting the fake OpenClaw installer continues to target users, with significant credential theft potential.
Gbhackers

Community

Browse all →