Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer
TLP: WHITE | AlienVault | 2026-02-23 | Modified: 2026-03-25
50 IOCs | MEDIUM VOLUME
A new campaign exploits OpenClaw skills to distribute the Atomic MacOS Stealer (AMOS). This evolution in supply chain attacks manipulates AI agentic workflows to install malware. The campaign spans multiple repositories with hundreds of malicious skills uploaded to ClawHub and SkillsMP. The infection chain begins with a seemingly harmless SKILL.md file that installs a prerequisite, leading to the download of a Mach-O universal binary. This AMOS variant steals extensive data, including credentials, browser data, cryptocurrency wallets, and various user documents. It lacks system persistence but expands its reach by exfiltrating Apple and KeePass keychains. The malware uses sophisticated encryption schemes and targets multiple browsers and cryptocurrency wallets.
Indicators of Compromise (12 / 50 total)