A widespread exploitation of\u00a0OpenClaw, formerly known as\u00a0MoltBot and\u00a0ClawdBot<\/a>, by multiple hacking groups to deploy malicious payloads.<\/p>\n OpenClaw, an open-source autonomous AI framework developed by\u00a0Peter Steinberger, now at OpenAI<\/a>, has become a high-severity target following its viral adoption in late January 2026.<\/p>\n Its architecture grants significant system privileges, persistent memory access, and integration with sensitive services, making it a prime candidate for credential theft and data exfiltration.<\/p>\n Within 72 hours of broad deployment, threat actors began exploiting several serious vulnerabilities.<\/p>\n Including the high-risk\u00a0Remote Code Execution flaw (CVE-2026-25253)<\/a>, supply chain poisoning, and credential harvesting through exposed administrative interfaces.<\/p>\n Flare analysts have observed over\u00a030,000 compromised OpenClaw instances used to steal API keys, intercept messages, and distribute info-stealing malware via Telegram<\/a> and other malicious communication channels.<\/p>\n One of the earliest and most damaging campaigns, dubbed\u00a0\u201cClawHavoc,\u201d<\/a>\u00a0was detected on\u00a0January 29, 2026.<\/p>\n This supply chain attack disguised malicious payloads like\u00a0Atomic Stealer (for macOS)<\/a>\u00a0and\u00a0keyloggers (for Windows)\u00a0as legitimate crypto tools.<\/p>\n Users installing from supposed \u201csetup\u201d scripts unknowingly downloaded stealer malware capable of full-service compromise, enabling attackers to extract persistent memory data and conduct lateral movement across enterprise systems.<\/p>\n By early February, a second campaign, Automated Skill Poisoning Through ClawHub<\/a>, emerged through the OpenClaw community marketplace.<\/p>\n Due to the platform\u2019s open publishing model and lack of code review, attackers uploaded backdoored \u201cskills\u201d from seemingly trustworthy GitHub accounts such as\u00a0Hightower6eu.<\/p>\n These malicious updates executed remote shell commands, allowing attackers to exfiltrate\u00a0OAuth tokens<\/a>, passwords, and API keys\u00a0in real time.<\/p>\n A Shodan scan on February 18, 2026, found 312,000+ OpenClaw instances running on default port 18789, many with no authentication and open to the internet.<\/p>\n Meanwhile,\u00a0exposed administrative interfaces\u00a0are worsening the crisis. Honeypot deployments<\/a> have recorded exploitation attempts within minutes of exposure.<\/p>\n The OpenClaw incidents underscore a critical turning point in the security of\u00a0autonomous AI agents. Organized threat groups have adapted rapidly, weaponizing an ecosystem that prioritized capability over cybersecurity.<\/p>\n As OpenAI absorbs OpenClaw\u2019s developer, experts warn that these issues highlight the urgent need for\u00a0security-by-design\u00a0approaches in future AI frameworks.<\/p>\n A Flare advisory recommends<\/a> that companies using or testing autonomous assistants\u00a0secure<\/span> API credentials and isolate AI workloads.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Multiple Hacking Groups Exploit OpenClaw Instances to Steal API key and Deploy Malware<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nClawHavoc Campaign: Supply Chain Mass Deployment<\/strong><\/h2>\n
![\"\u201cHightower6eu\u201d](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiUUskifNibhRcRN6b_6bGL-A1wePZeu0BargovXMO082yJ2rpehD0WIcA0oAvQHnTYdfYra1sJgnDifrvPMnemweNIdN83C2MK9wVhW26dxqxnRO4kDNiEhUlUAsRWCckzmZr7s2i717NZUkJGAczCLF-sy24qnNWYQQQq1B3rnW1drLE2LN08wgAwUoY\/s1600\/Screenshot%25202026-02-21%2520162937%2520%25281%2529.webp?ssl=1\")
![\"\nShodan](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgBkWL814HZJTxWDHnveud7xWzsfsg95iSGQy642CIdJNIuPLbOQ-9eWfcRquevb9jSK37bPA9dn7X3vQ0SCR86x3ytZ2jpLR8PJ1Thv0uJI1IMicXIn3Ma6P5byP_Z7BerI592kXsQ3Tqqwn3MbSOVgSkrAUzooZmV4N4y6vrXSvYCzb1DU86ZZZRDft0\/s1600\/Screenshot%25202026-02-21%2520162953%2520%25281%2529.webp?ssl=1\")