Fake OpenClaw AI Package Spreads RAT Malware on npm
Security researchers discovered a malicious npm package on March 9, 2026, that impersonates OpenClaw AI software to distribute remote access trojans. The package "@openclaw-ai/openclawai" was uploaded by user "openclaw-ai" on March 3, 2026, and has accumulated 178 downloads over six days.
The malicious package targets developers searching for OpenClaw AI tools by using a scoped package name that closely mimics the legitimate software, a brand-impersonation tactic common on public registries. Once installed, the package executes code that deploys RAT malware designed to establish persistent remote access to the compromised developer machine.
Developer Systems and Data at Risk
The attack primarily affects Node.js developers who installed the fraudulent package while searching for OpenClaw AI development tools. Systems compromised by this RAT face data theft risks, including source code, credentials, and sensitive project information stored on developer workstations.
The 178 downloads are a count of fetches from the registry, not of compromised machines. Automated scanners and mirrors inflate the figure, but it can also understate the impact: a single download committed to a lockfile or baked into a CI image or shared container can propagate to every developer and build agent that installs from it. Each infected system is a potential entry point for broader network compromise.
Package Remains Active Despite Discovery
The malicious package continues to be available on the npm registry despite researcher disclosure, creating ongoing risk for unsuspecting developers. Organizations should immediately audit their npm dependencies and remove any installations of @openclaw-ai/openclawai from development environments.
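As an added example, not code from the article or from the researchers it cites, the POSIX shell functions below audit a directory tree for the package named in the report. The first function checks package.json and the common npm, yarn and pnpm lockfiles, then looks for an installed copy under node_modules. The npm cache check is kept separate because the cache location and index layout (npm's _cacache directory, honouring the npm_config_cache setting) are assumptions about a default npm client, not something the article states.

```sh
#!/bin/sh
# Added example: locate references to the malicious package on disk.
# PKG is the name reported in the article; everything else here is the
# standard npm/yarn/pnpm file layout, not content from the page.
PKG="@openclaw-ai/openclawai"

# find_npm_package DIR [NAME]
# Prints every manifest or lockfile that references NAME and every
# node_modules directory holding an installed copy. Exit status 0 means
# at least one hit was found, 1 means the tree is clean.
find_npm_package() {
    dir="$1"
    name="${2:-$PKG}"
    hits=$(
        # Declared or pinned: package.json plus npm, yarn and pnpm lockfiles.
        find "$dir" -type f \( -name package.json -o -name package-lock.json \
            -o -name npm-shrinkwrap.json -o -name yarn.lock -o -name pnpm-lock.yaml \) \
            -exec grep -lF -- "$name" {} + 2>/dev/null
        # Actually installed: a scoped package lives at node_modules/@scope/name.
        find "$dir" -type d -path "*/node_modules/$name" 2>/dev/null
    )
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# find_in_npm_cache [NAME]
# A host that ran "npm install" once keeps the tarball in npm's content cache
# even after "npm uninstall". Assumption: the default cache location
# ($HOME/.npm, overridable via npm_config_cache) and npm's index-v5 layout.
# Scoped names are URL-encoded in cache keys, so match on the unscoped part.
find_in_npm_cache() {
    name="${1:-$PKG}"
    cache="${npm_config_cache:-$HOME/.npm}/_cacache"
    [ -d "$cache/index-v5" ] || return 1
    grep -rlF -- "${name#*/}" "$cache/index-v5" 2>/dev/null
}

# Usage, typed at a shell in a checkout to audit:
#   find_npm_package . && echo "package present: remove it and treat the host as compromised"
#   find_in_npm_cache && echo "tarball cached: this host installed the package at some point"
```

A hit in a lockfile means every machine that installed from that lockfile pulled the package, so the audit should be repeated on CI runners and shared images, not only on workstations. Removing the package (npm uninstall, then cleaning the lockfile entry) does not undo a RAT that has already executed; a host with an installed copy should be isolated and rebuilt rather than cleaned in place. As a general hardening step for future installs, setting npm's ignore-scripts option blocks lifecycle scripts at install time, although the article does not state which mechanism this particular package uses to run its payload.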
Security teams should monitor for indicators of RAT activity on systems where this package was installed, including unexpected outbound network connections, newly created persistence mechanisms, and unauthorized file access. Note that the CISA Known Exploited Vulnerabilities catalog tracks CVEs confirmed to be exploited in the wild and will not carry an entry for a malicious package like this one; it is not a source of detection guidance for registry-based supply chain attacks, so teams should rely on npm advisories, dependency audits, and the researchers' disclosure instead.