Malware GhostClaw steals developers' encrypted wallet data through npm packages

By: rootdata|2026/03/23 01:53:23
0
Share
copy

According to Cryptopolitan, a new type of malware called GhostClaw is targeting cryptocurrency wallets on macOS devices.

This malware disguised itself as a legitimate OpenClaw CLI tool and was present in the npm registry for a week before being removed after infecting 178 developers. Once developers run the "npm install" command, a hidden script globally installs the GhostClaw package and evades detection through obfuscated configuration files. GhostClaw scans the clipboard every three seconds, capturing private keys, seed phrases, public keys, and other cryptocurrency wallet and transaction-related data.

After the second stage payload is downloaded, GhostLoader scans for cryptocurrency wallet data in the Chromium browser, macOS Keychain, and system storage, clones browser sessions to gain access to logged-in wallets, and steals API Tokens that connect to AI platforms such as OpenAI and Anthropic. The stolen data is sent to the attackers via Telegram, GoFile, and command servers.

You may also like

Argentina vs Cape Verde: When a Record-Breaking Legend Meets an Unbreakable Underdog

WEEX exclusive pre-match analysis of Argentina vs Cape Verde, exploring Messi-led Argentina’s dominance and Cape Verde’s historic defensive breakout, with a breakdown of volatility, structure, and match dynamics.

How does Gate redo "buying and selling stocks" from the cryptocurrency world to the stock market?

The competition logic of exchanges has changed.

Former ByteDance employee's account: How I started with two Pinduoduo hard drives and made six times the profit with Seagate to achieve financial freedom?

A programmer from a big tech company bought hard drives on Pinduoduo and, following clues, managed to accurately capture the sixfold rising stock Seagate using the "finding daily anomalies + 13F institutional verification" framework, making a wild profit of $400,000 and achieving financial freedom.

Visa and Mastercard join 140 giants to launch a new stablecoin, but the impact on the market landscape may still be limited

As an important milestone event in the stablecoin landscape, OUSD is likely to change the existing stablecoin landscape and significantly increase the adoption rate of stablecoins in the global financial system.

WEEX Launches Depth Chart for Spot Trading

WEEX Spot now supports Depth Chart, helping users visualize buy and sell orders, spot liquidity walls, and understand market depth more clearly before placing trades.

MiCA reshuffle begins, Binance temporarily bids farewell to the EU

What Binance leaves behind is not scattered retail investors, but a whole batch of high-value users who are forced to liquidate and have almost nowhere to go.

Popular coins

Latest Crypto News

Read more
iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com