Malware

cluw

For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial

MITRE ATT&CK

Techniques & procedures

5 distinct techniques documented for this family, organized by ATT&CK tactic.

Initial Access

2 techniques

T1195Supply Chain CompromiseEvidence1

AI agent skills as a supply chain attack surface... malicious skills use semantic instruction hijacking to bypass technical constraints... installation results in complete control over the agent's identity.

T1566.002Spearphishing LinkEvidence1

Both embedded the same malicious prerequisite block... directed agents to a site with malicious instructions to copy and paste text into a terminal window. We refer to this site as a paste-site redirect lure.

Execution

1 technique

T1059.004Unix ShellEvidence1

Base64-encoded curl-pipe-bash dropper: These skills embedded a fake prerequisite block that instructed the agent to decode and execute a Base64-encoded remote payload...

Command and Control

2 techniques

T1071Application Layer ProtocolEvidence1

Infostealers: Two skills delivered macOS infostealers. Both connect to command-and-control (C2) infrastructure... Alternative exfiltration channel: A distinct cluster... exfiltrated cryptocurrency private keys via the Telegram Bot API, a C2 channel independent of the shared dropper infrastructure.

T1105Ingress Tool TransferEvidence1

When the agent performed the actions in the paste-site redirect lure, the associated command fetched a payload from hxxp[:]//2.26.75[.]16/Xuvewuyur.

INDICATORS OF COMPROMISE

IOCs tracked for this family

6 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.

View more in app

Network

2 tracked

IPs, domains, and DNS infrastructure linked to this family.

Hashes

2 tracked

File hashes (MD5, SHA-1, SHA-256) from samples and reports.

Other

2 tracked

Other indicator types observed in public reporting.

TypeValueLatest sighting

domain●●●●●●●●●●●●View more in apptoday

hash.sha256●●●●●●●●●●●●View more in apptoday

ip.v4●●●●●●●●●●●●View more in apptoday

uri●●●●●●●●●●●●View more in apptoday

hash.sha256●●●●●●●●●●●●View more in apptoday

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

palo alto networks unit 42 blogNews

Jun 23, 2026

OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat

A macOS infostealer fetched from attacker infrastructure via a paste-site redirect and Base64-decoded command execution chain in malicious ClawHub skills. It connects to C2 infrastructure and follows the same delivery template as earlier ClawHavoc-style campaigns.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.

Start free trial

IOC matching6

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping5

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.