logo

Malware GhostClaw steals developers' encrypted wallet data through npm packages

By: rootdata|2026/03/23 09:42:00
0
Share
copy

According to Cryptopolitan, a new type of malware called GhostClaw is targeting cryptocurrency wallets on macOS devices.

This malware disguised itself as a legitimate OpenClaw CLI tool and was present in the npm registry for a week before being removed after infecting 178 developers. Once developers run the "npm install" command, a hidden script globally installs the GhostClaw package and evades detection through obfuscated configuration files. GhostClaw scans the clipboard every three seconds, capturing private keys, seed phrases, public keys, and other cryptocurrency wallet and transaction-related data.

After the second stage payload is downloaded, GhostLoader scans for cryptocurrency wallet data in the Chromium browser, macOS Keychain, and system storage, clones browser sessions to gain access to logged-in wallets, and steals API Tokens that connect to AI platforms such as OpenAI and Anthropic. The stolen data is sent to the attackers via Telegram, GoFile, and command servers.

-- Price

--

You may also like

Electric Capital: Tracking 501 types of yield-generating RWA assets, we discovered these patterns

From private credit to GPU leasing, from catastrophe bonds to music royalties, the range of tokenizable assets is much richer than the market perceives. However, the biggest challenge is not technology, but distribution—existing RWAs heavily rely on a few large deployers, and the concentration of ri...

Those who are cut off by AI will not disappear; they will become the creators of the next round of the economy

AI is not eliminating people, but rather the superstition of "stable careers": those who break the shackles of organizations and understand how to rewrite themselves are ushering in the ultimate revenge.

Stablecoins reshaping cross-border payments in Asia? Strategic panorama and investment opportunity analysis

With the popularity of local payment channels, the costs of traditional transfers have been significantly reduced, and the fees are now mainly concentrated in the domestic settlement phase, which is precisely what stablecoins cannot bypass.

Zuckerberg is building an AI agent to help him as CEO

Zuckerberg is reported to be personally developing a "CEO proxy" to accelerate information acquisition and reduce management layers.

Bloomberg: Swiss Private Bank Old Guard Rifts, Is Bitcoin the Spark?

For Marc Syz, this is both a bet on the digital asset track and a complete break from Switzerland's long-established private banking dynasty.

Zuckerberg is building an AI assistant to help him be CEO

Mark Zuckerberg has been reportedly personally developing a "CEO Proxy" to speed up information flow and reduce management layers.

Popular coins

Latest Crypto News

05:42

Data: In the past 24 hours, the total liquidation across the network was 816 million USD, with long positions liquidated at 431 million USD and short positions liquidated at 385 million USD

According to Coinglass data, in the past 24 hours, the total liquidation across the network was $816 million, with long positions liquidated at $431 million and short positions liquidated at $385 million. Among them, Bitcoin long positions were liquidated at $109 million, Bitcoin short positions at ...
05:42

The three major U.S. stock indices closed up over 1%, with NIO and XPeng both rising 7%

According to Jinshi reports, U.S. stocks closed on Monday with the Dow Jones Industrial Average initially rising by 1.38%, the S&P 500 index up by 1.1%, and the Nasdaq Composite index up by 1.38%. Advanced Micro Devices rose by 5%, NVIDIA rose by 1.7%, and TSMC rose by 2.8%. The Nasdaq China Golden ...
05:42

The Dow Jones Index closed up 631.12 points, with both the S&P 500 and Nasdaq also rising

According to Jinshi reports, the Dow Jones Industrial Average closed up 631.12 points on March 23 (Monday), an increase of 1.38%, at 46,208.59 points; the S&P 500 index rose by 74.52 points, an increase of 1.15%, at 6,581 points; the Nasdaq Composite Index rose by 299.15 points, an increase of 1.38%...
05:42

Data: 3.8098 million ZRO transferred from Wintermute, worth approximately 8.15 million USD

According to Arkham data, at 04:19, 3.8098 million ZRO (worth approximately 8.15 million USD) was transferred from Wintermute to an anonymous address (starting with 0x6652...).
05:42

Daly: The economy faces two potential development paths, with escalating conflicts affecting policy trade-offs

According to Jinshi reports, Fed's Daly stated that the economy has at least two potential development paths. Prolonged conflicts may exacerbate the trade-offs in monetary policy.
Read more
Community
iconiconiconiconiconiconicon

Customer Support Bot@WEEX_support_smart_Bot

VIP Servicessupport@weex.com