{ "type": "URL", "indicator": "https://install.app-distribution.net/setup/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://install.app-distribution.net/setup/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4196693474, "indicator": "https://install.app-distribution.net/setup/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 15, "pulses": [ { "id": "6a01c2363e7f67fcbed473cb", "name": "Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw", "description": "Threat actors are actively exploiting AI distribution platforms like Hugging Face and ClawHub to deliver malware by embedding malicious code within models, datasets, and agent extensions. Over 575 malicious skills across 13 developer accounts were identified in the OpenClaw ecosystem, targeting Windows and macOS with trojans, cryptominers, and AMOS stealer. Attackers abuse trust relationships between users and AI platforms through indirect prompt injection, where hidden instructions cause AI agents to execute malicious actions on behalf of users. Trojanized skills masquerade as legitimate tools while instructing users to execute encoded commands or install hidden malicious dependencies. On Hugging Face, repositories host payloads within multistep infection chains disguised as legitimate applications. These campaigns employ social engineering, obfuscation, encryption, in-memory execution, process injection, and persistence techniques to evade detection while establishing covert command-and-control communica...", "modified": "2026-05-11T19:05:08.950000", "created": "2026-05-11T11:49:10.065000", "tags": [ "amos stealer", "clawhub", "openclaw", "hugging face", "trojanized skills", "cryptominer", "ai supply chain", "indirect prompt injection" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AMOS Stealer", "display_name": "AMOS Stealer", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1218.011", "name": "Rundll32", "display_name": "T1218.011 - Rundll32" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1055.012", "name": "Process Hollowing", "display_name": "T1055.012 - Process Hollowing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1564.001", "name": "Hidden Files and Directories", "display_name": "T1564.001 - Hidden Files and Directories" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 1 }, "indicator_count": 43, "is_author": false, "is_subscribing": null, "subscriber_count": 386497, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "699cd6ee7d755d4afd290651", "name": "Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer", "description": "A new campaign exploits OpenClaw skills to distribute the Atomic MacOS Stealer (AMOS). This evolution in supply chain attacks manipulates AI agentic workflows to install malware. The campaign spans multiple repositories with hundreds of malicious skills uploaded to ClawHub and SkillsMP. The infection chain begins with a seemingly harmless SKILL.md file that installs a prerequisite, leading to the download of a Mach-O universal binary. This AMOS variant steals extensive data, including credentials, browser data, cryptocurrency wallets, and various user documents. It lacks system persistence but expands its reach by exfiltrating Apple and KeePass keychains. The malware uses sophisticated encryption schemes and targets multiple browsers and cryptocurrency wallets.", "modified": "2026-03-25T22:08:44.661000", "created": "2026-02-23T22:38:38.076000", "tags": [ "amos", "skillsmp", "clawhub", "supply chain attack", "stealer", "ai manipulation", "atomic macos stealer (amos)", "openclaw", "macos" ], "references": [ "https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic MacOS Stealer (AMOS)", "display_name": "Atomic MacOS Stealer (AMOS)", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132.001", "name": "Standard Encoding", "display_name": "T1132.001 - Standard Encoding" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1555.001", "name": "Keychain", "display_name": "T1555.001 - Keychain" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1552.001", "name": "Credentials In Files", "display_name": "T1552.001 - Credentials In Files" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1056.002", "name": "GUI Input Capture", "display_name": "T1056.002 - GUI Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 10, "FileHash-SHA256": 16, "URL": 12, "domain": 1, "hostname": 1 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 386499, "modified_text": "66 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69833f1ffa4d16b727a549c2", "name": "341 Malicious Clawed Skills Found by the Bot They Were Targeting", "description": "A massive malware campaign dubbed ClawHavoc has been uncovered in the ClawHub marketplace, targeting OpenClaw bots and their users. An AI bot named Alex, working with security researcher Oren Yomtov, discovered 341 malicious skills, including 335 from a single campaign. The malware, identified as Atomic Stealer (AMOS), uses sophisticated techniques to evade detection and steal sensitive data. The attack exploits users' trust in AI assistants, potentially compromising personal and financial information. In response, a new tool called Clawdex has been developed to help bots and users scan for malicious skills before installation.", "modified": "2026-03-06T12:03:42.273000", "created": "2026-02-04T12:44:15.808000", "tags": [ "typosquatting", "crypto wallets", "amos", "malicious skills", "atomic stealer (amos)", "bot security", "supply chain attack", "clawhub", "openclaw" ], "references": [ "https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting" ], "public": 1, "adversary": "ClawHavoc", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer (AMOS)", "display_name": "Atomic Stealer (AMOS)", "target": null } ], "attack_ids": [ { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1553.001", "name": "Gatekeeper Bypass", "display_name": "T1553.001 - Gatekeeper Bypass" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1552.001", "name": "Credentials In Files", "display_name": "T1552.001 - Credentials In Files" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "URL": 6, "hostname": 2 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 386500, "modified_text": "85 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a047bb5f2b9d59bf3636161", "name": "EbeeMay2026 Pt2", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-13T13:25:09.112000", "created": "2026-05-13T13:25:09.112000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "cve20250921 cve", "cve20260300 cve", "cve20261281 cve", "cve20261340 cve", "cve20261731 cve", "cve20261357 cve", "cve20259501 cve", "yara" ], "references": [ "IOCs.csv" ], "public": 1, "adversary": "JDownloader, DarkCloud, Chaos Ransomware, APT29, Shadow-Earth-053", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 66, "URL": 45, "CVE": 23, "FileHash-MD5": 232, "FileHash-SHA1": 239, "FileHash-SHA256": 264, "domain": 130, "email": 3, "hostname": 41 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a02f72e0fc6f61b1c76350b", "name": "Poisoning The Well by AV", "description": "", "modified": "2026-05-12T11:39:51.759000", "created": "2026-05-12T09:47:26.071000", "tags": [ "amos stealer", "clawhub", "openclaw", "hugging face", "trojanized skills", "cryptominer", "ai supply chain", "indirect prompt injection" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AMOS Stealer", "display_name": "AMOS Stealer", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1218.011", "name": "Rundll32", "display_name": "T1218.011 - Rundll32" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1055.012", "name": "Process Hollowing", "display_name": "T1055.012 - Process Hollowing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1564.001", "name": "Hidden Files and Directories", "display_name": "T1564.001 - Hidden Files and Directories" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": "6a01c2363e7f67fcbed473cb", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 1, "hostname": 1 }, "indicator_count": 44, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a02ae594d521771be4fe837", "name": "Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw", "description": "", "modified": "2026-05-12T04:36:41.909000", "created": "2026-05-12T04:36:41.909000", "tags": [ "amos stealer", "clawhub", "openclaw", "hugging face", "trojanized skills", "cryptominer", "ai supply chain", "indirect prompt injection" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AMOS Stealer", "display_name": "AMOS Stealer", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1218.011", "name": "Rundll32", "display_name": "T1218.011 - Rundll32" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1055.012", "name": "Process Hollowing", "display_name": "T1055.012 - Process Hollowing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1564.001", "name": "Hidden Files and Directories", "display_name": "T1564.001 - Hidden Files and Directories" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": "6a01c2363e7f67fcbed473cb", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 1 }, "indicator_count": 43, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a01c1248bf3199e640f8bb9", "name": "Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw", "description": "", "modified": "2026-05-11T11:44:36.515000", "created": "2026-05-11T11:44:36.515000", "tags": [ "hugging face", "clawhub", "minor actor", "face", "github", "openclaw", "join", "windows malware", "windows", "ai distribution", "fakesecurity", "powershell", "explorer", "malicious", "virustotal", "trojan", "telegram", "brok", "path", "indo", "rats", "android", "defender", "loader" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 3, "hostname": 1 }, "indicator_count": 46, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fdcbb83146177e3c63dd78", "name": "Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw", "description": "Recent investigations by Acronis Threat Research Unit highlight the exploitation of AI distribution platforms, particularly Hugging Face and ClawHub, by cyber threat actors to deliver malware. These platforms, which are trusted repositories for AI models and tools, have become prime targets for attackers due to the inherent trust users place in their content. Attackers are embedding malicious functionality in software designed for AI ecosystems, utilizing the features of these platforms to extend the reach and impact of their malware beyond typical single-system compromises.", "modified": "2026-05-08T11:40:40.672000", "created": "2026-05-08T11:40:40.672000", "tags": [ "hugging face", "clawhub", "minor actor", "face", "github", "openclaw", "join", "windows malware", "windows", "ai distribution", "fakesecurity", "powershell", "explorer", "malicious", "virustotal", "trojan", "telegram", "brok", "path", "indo", "rats", "android", "defender", "loader", "moltbot", "macos", "ithkrpaw", "amos", "threat" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Moltbot", "display_name": "Moltbot", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null }, { "id": "ITHKRPAW", "display_name": "ITHKRPAW", "target": null }, { "id": "FAKESECURITY", "display_name": "FAKESECURITY", "target": null }, { "id": "AMOS", "display_name": "AMOS", "target": null }, { "id": "OpenClaw", "display_name": "OpenClaw", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null } ], "attack_ids": [ { "id": "T1027.002", "name": "Software Packing", "display_name": "T1027.002 - Software Packing" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" } ], "industries": [ "Financial" ], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 3, "hostname": 1 }, "indicator_count": 46, "is_author": false, "is_subscribing": null, "subscriber_count": 541, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "699e78c4e2b85d4cddbeb48f", "name": "Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer", "description": "", "modified": "2026-03-25T22:08:44.661000", "created": "2026-02-25T04:21:24.044000", "tags": [ "amos", "skillsmp", "clawhub", "supply chain attack", "stealer", "ai manipulation", "atomic macos stealer (amos)", "openclaw", "macos" ], "references": [ "https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic MacOS Stealer (AMOS)", "display_name": "Atomic MacOS Stealer (AMOS)", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132.001", "name": "Standard Encoding", "display_name": "T1132.001 - Standard Encoding" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1555.001", "name": "Keychain", "display_name": "T1555.001 - Keychain" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1552.001", "name": "Credentials In Files", "display_name": "T1552.001 - Credentials In Files" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1056.002", "name": "GUI Input Capture", "display_name": "T1056.002 - GUI Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "white", "cloned_from": "699cd6ee7d755d4afd290651", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 10, "FileHash-SHA256": 16, "URL": 12, "domain": 1, "hostname": 1 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 279, "modified_text": "66 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69905efe9bcff1b8fb999b67", "name": "TI Advisory No-ESAF-SOC-TI-2026-173", "description": "Obsolete IP addresses are the subject of debate in the UK, but they are not the same as those of their counterparts in Europe and the United Arab Emirates, where they were used to be.", "modified": "2026-03-16T11:07:17.587000", "created": "2026-02-14T11:39:35.926000", "tags": [ "url http", "ip address", "domain", "url https" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "harshandc123", "id": "378589", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14, "domain": 1, "hostname": 1 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 14, "modified_text": "75 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698c507b6fa354503c07514d", "name": "EbeeFeb2026 Pt2", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-03-13T09:35:12.591000", "created": "2026-02-11T09:48:43.368000", "tags": [ "filehashsha1", "filehashsha256", "filehashmd5", "ipv6240e", "cve20261281 cve", "yara" ], "references": [ "IOCs.3.csv" ], "public": 1, "adversary": "DKnife, Supply chain attack targeting dYdX, RCtea Botnet, ClawHavoc, CrashFix, Prometei", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 122, "FileHash-MD5": 181, "FileHash-SHA1": 169, "FileHash-SHA256": 211, "CVE": 9, "SSLCertFingerprint": 2, "domain": 40, "email": 5, "hostname": 45 }, "indicator_count": 784, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "78 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698c53f29613e705f0f89e5a", "name": "EbeeFeb2026 Pt3", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-03-13T09:35:12.591000", "created": "2026-02-11T10:03:30.456000", "tags": [ "filehashmd5", "filehashsha1", "filehashsha256", "ipv4", "cve20207699 cve" ], "references": [], "public": 1, "adversary": "Campaign involving multi-stage infostealer deployment, Amaranth-Dragon, SystemBC, Notepad++ Compromi", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 158, "FileHash-SHA1": 131, "FileHash-SHA256": 134, "URL": 86, "domain": 71, "hostname": 30, "CIDR": 1, "CVE": 7 }, "indicator_count": 618, "is_author": false, "is_subscribing": null, "subscriber_count": 38, "modified_text": "78 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698551261524fd9dc5504d97", "name": "Malicious Bot Skills Signal a Shift in Crypto-Focused Attacks", "description": "The following is a full list of malware-related incidents, which have been uncovered by researchers at the University of California, Los Angeles and the National Security Agency (NSSA) in the United States.", "modified": "2026-03-08T02:01:42.135000", "created": "2026-02-06T02:25:42.287000", "tags": [ "iocs file", "hashes windows", "vmprotect", "amos stealer", "skills", "clawhub", "ethereum gas", "tracker", "insider wallets", "finder", "grabber", "downloader", "malware", "npm security", "package security", "open source security", "threat intelligence", "vulnerability reporting", "intelligence", "oren", "openclaw", "amos", "alex", "vs code", "bots", "gas tracker", "bitcoin", "openclaw bot", "stealer", "telegram", "exodus", "atomic", "desktop", "tools", "crypto", "calendar", "macos", "compromise", "iocs", "github users", "c2 ip", "file hashes", "windows", "filenames" ], "references": [ "https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto", "https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting#heading-9" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Alex", "display_name": "Alex", "target": null }, { "id": "OpenClaw", "display_name": "OpenClaw", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null }, { "id": "AMOS", "display_name": "AMOS", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [ "Gas", "Crypto" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CODERED_VTA", "id": "349568", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_349568/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 4, "FileHash-SHA256": 7, "URL": 7, "domain": 1, "hostname": 2 }, "indicator_count": 27, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "84 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69844ea4cc64be21a9cedd3d", "name": "341 Malicious Clawed Skills Found by the Bot They Were Targeting", "description": "", "modified": "2026-03-06T12:03:42.273000", "created": "2026-02-05T08:02:44.452000", "tags": [ "typosquatting", "crypto wallets", "amos", "malicious skills", "atomic stealer (amos)", "bot security", "supply chain attack", "clawhub", "openclaw" ], "references": [ "https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting" ], "public": 1, "adversary": "ClawHavoc", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer (AMOS)", "display_name": "Atomic Stealer (AMOS)", "target": null } ], "attack_ids": [ { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1553.001", "name": "Gatekeeper Bypass", "display_name": "T1553.001 - Gatekeeper Bypass" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1552.001", "name": "Credentials In Files", "display_name": "T1552.001 - Credentials In Files" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [], "TLP": "white", "cloned_from": "69833f1ffa4d16b727a549c2", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "URL": 6, "hostname": 2 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "85 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6982b3a072a54715a7b31abc", "name": "Hundreds of AI Bot Extensions Abused to Deliver Credential-Stealing Malware", "description": "Silent Push, a security firm based in London, has identified and identified a major cybercrime campaign targeting high-value enterprises across the globe, and is offering a free webinar to anyone interested in taking part.", "modified": "2026-03-06T02:05:11.613000", "created": "2026-02-04T02:49:04.237000", "tags": [ "silent push", "a demo", "lapsus", "slsh", "push", "sso provider", "news source", "blog book", "supergroup", "january", "service", "hunters", "live", "applovin", "energy", "media", "hunt", "light", "simon property", "iofa", "future attack", "tlp amber", "threat hunting", "difference", "use cases", "resources blog", "enterprise", "attack", "lazarus", "back", "defense", "clawhub", "oren", "openclaw", "amos", "alex", "vs code", "bots", "gas tracker", "bitcoin", "openclaw bot", "stealer", "telegram", "exodus", "atomic", "desktop", "tools", "crypto", "calendar", "macos", "iocs file", "hashes windows", "vmprotect", "amos stealer", "skills", "ethereum gas", "tracker", "insider wallets", "finder", "grabber", "downloader" ], "references": [ "https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Simon Property", "display_name": "Simon Property", "target": null }, { "id": "SLSH", "display_name": "SLSH", "target": null }, { "id": "Alex", "display_name": "Alex", "target": null }, { "id": "OpenClaw", "display_name": "OpenClaw", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null }, { "id": "AMOS", "display_name": "AMOS", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [ "Energy", "Healthcare", "Biotech", "Biosciences", "Medical", "Media", "Education", "Hospitality", "Gas", "Crypto" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CODERED_VTA", "id": "349568", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_349568/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "URL": 6, "domain": 1, "hostname": 2 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "86 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "IOCs.3.csv", "https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html", "https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto", "https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting#heading-9", "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/", "IOCs.csv", "https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting", "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw" ], "related": { "alienvault": { "adversary": [ "ClawHavoc" ], "malware_families": [ "Atomic macos stealer (amos)", "Atomic stealer (amos)", "Amos stealer" ], "industries": [ "Finance" ], "unique_indicators": 95 }, "other": { "adversary": [ "JDownloader, DarkCloud, Chaos Ransomware, APT29, Shadow-Earth-053", "DKnife, Supply chain attack targeting dYdX, RCtea Botnet, ClawHavoc, CrashFix, Prometei", "Campaign involving multi-stage infostealer deployment, Amaranth-Dragon, SystemBC, Notepad++ Compromi", "ClawHavoc" ], "malware_families": [ "Ithkrpaw", "Threat", "Fakesecurity", "Simon property", "Macos", "Slsh", "Amos", "Alex", "Moltbot", "Openclaw", "Atomic stealer (amos)", "Atomic macos stealer (amos)", "Amos stealer" ], "industries": [ "Gas", "Crypto", "Energy", "Media", "Financial", "Finance", "Education", "Biotech", "Healthcare", "Hospitality", "Biosciences", "Medical" ], "unique_indicators": 2582 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/app-distribution.net", "whois": "http://whois.domaintools.com/app-distribution.net", "domain": "app-distribution.net", "hostname": "install.app-distribution.net" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 15, "pulses": [ { "id": "6a01c2363e7f67fcbed473cb", "name": "Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw", "description": "Threat actors are actively exploiting AI distribution platforms like Hugging Face and ClawHub to deliver malware by embedding malicious code within models, datasets, and agent extensions. Over 575 malicious skills across 13 developer accounts were identified in the OpenClaw ecosystem, targeting Windows and macOS with trojans, cryptominers, and AMOS stealer. Attackers abuse trust relationships between users and AI platforms through indirect prompt injection, where hidden instructions cause AI agents to execute malicious actions on behalf of users. Trojanized skills masquerade as legitimate tools while instructing users to execute encoded commands or install hidden malicious dependencies. On Hugging Face, repositories host payloads within multistep infection chains disguised as legitimate applications. These campaigns employ social engineering, obfuscation, encryption, in-memory execution, process injection, and persistence techniques to evade detection while establishing covert command-and-control communica...", "modified": "2026-05-11T19:05:08.950000", "created": "2026-05-11T11:49:10.065000", "tags": [ "amos stealer", "clawhub", "openclaw", "hugging face", "trojanized skills", "cryptominer", "ai supply chain", "indirect prompt injection" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AMOS Stealer", "display_name": "AMOS Stealer", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1218.011", "name": "Rundll32", "display_name": "T1218.011 - Rundll32" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1055.012", "name": "Process Hollowing", "display_name": "T1055.012 - Process Hollowing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1564.001", "name": "Hidden Files and Directories", "display_name": "T1564.001 - Hidden Files and Directories" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 1 }, "indicator_count": 43, "is_author": false, "is_subscribing": null, "subscriber_count": 386497, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "699cd6ee7d755d4afd290651", "name": "Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer", "description": "A new campaign exploits OpenClaw skills to distribute the Atomic MacOS Stealer (AMOS). This evolution in supply chain attacks manipulates AI agentic workflows to install malware. The campaign spans multiple repositories with hundreds of malicious skills uploaded to ClawHub and SkillsMP. The infection chain begins with a seemingly harmless SKILL.md file that installs a prerequisite, leading to the download of a Mach-O universal binary. This AMOS variant steals extensive data, including credentials, browser data, cryptocurrency wallets, and various user documents. It lacks system persistence but expands its reach by exfiltrating Apple and KeePass keychains. The malware uses sophisticated encryption schemes and targets multiple browsers and cryptocurrency wallets.", "modified": "2026-03-25T22:08:44.661000", "created": "2026-02-23T22:38:38.076000", "tags": [ "amos", "skillsmp", "clawhub", "supply chain attack", "stealer", "ai manipulation", "atomic macos stealer (amos)", "openclaw", "macos" ], "references": [ "https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic MacOS Stealer (AMOS)", "display_name": "Atomic MacOS Stealer (AMOS)", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132.001", "name": "Standard Encoding", "display_name": "T1132.001 - Standard Encoding" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1555.001", "name": "Keychain", "display_name": "T1555.001 - Keychain" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1552.001", "name": "Credentials In Files", "display_name": "T1552.001 - Credentials In Files" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1056.002", "name": "GUI Input Capture", "display_name": "T1056.002 - GUI Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 10, "FileHash-SHA256": 16, "URL": 12, "domain": 1, "hostname": 1 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 386499, "modified_text": "66 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69833f1ffa4d16b727a549c2", "name": "341 Malicious Clawed Skills Found by the Bot They Were Targeting", "description": "A massive malware campaign dubbed ClawHavoc has been uncovered in the ClawHub marketplace, targeting OpenClaw bots and their users. An AI bot named Alex, working with security researcher Oren Yomtov, discovered 341 malicious skills, including 335 from a single campaign. The malware, identified as Atomic Stealer (AMOS), uses sophisticated techniques to evade detection and steal sensitive data. The attack exploits users' trust in AI assistants, potentially compromising personal and financial information. In response, a new tool called Clawdex has been developed to help bots and users scan for malicious skills before installation.", "modified": "2026-03-06T12:03:42.273000", "created": "2026-02-04T12:44:15.808000", "tags": [ "typosquatting", "crypto wallets", "amos", "malicious skills", "atomic stealer (amos)", "bot security", "supply chain attack", "clawhub", "openclaw" ], "references": [ "https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting" ], "public": 1, "adversary": "ClawHavoc", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer (AMOS)", "display_name": "Atomic Stealer (AMOS)", "target": null } ], "attack_ids": [ { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1553.001", "name": "Gatekeeper Bypass", "display_name": "T1553.001 - Gatekeeper Bypass" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1552.001", "name": "Credentials In Files", "display_name": "T1552.001 - Credentials In Files" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "URL": 6, "hostname": 2 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 386500, "modified_text": "85 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a047bb5f2b9d59bf3636161", "name": "EbeeMay2026 Pt2", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-13T13:25:09.112000", "created": "2026-05-13T13:25:09.112000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "cve20250921 cve", "cve20260300 cve", "cve20261281 cve", "cve20261340 cve", "cve20261731 cve", "cve20261357 cve", "cve20259501 cve", "yara" ], "references": [ "IOCs.csv" ], "public": 1, "adversary": "JDownloader, DarkCloud, Chaos Ransomware, APT29, Shadow-Earth-053", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 66, "URL": 45, "CVE": 23, "FileHash-MD5": 232, "FileHash-SHA1": 239, "FileHash-SHA256": 264, "domain": 130, "email": 3, "hostname": 41 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a02f72e0fc6f61b1c76350b", "name": "Poisoning The Well by AV", "description": "", "modified": "2026-05-12T11:39:51.759000", "created": "2026-05-12T09:47:26.071000", "tags": [ "amos stealer", "clawhub", "openclaw", "hugging face", "trojanized skills", "cryptominer", "ai supply chain", "indirect prompt injection" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AMOS Stealer", "display_name": "AMOS Stealer", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1218.011", "name": "Rundll32", "display_name": "T1218.011 - Rundll32" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1055.012", "name": "Process Hollowing", "display_name": "T1055.012 - Process Hollowing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1564.001", "name": "Hidden Files and Directories", "display_name": "T1564.001 - Hidden Files and Directories" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": "6a01c2363e7f67fcbed473cb", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 1, "hostname": 1 }, "indicator_count": 44, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a02ae594d521771be4fe837", "name": "Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw", "description": "", "modified": "2026-05-12T04:36:41.909000", "created": "2026-05-12T04:36:41.909000", "tags": [ "amos stealer", "clawhub", "openclaw", "hugging face", "trojanized skills", "cryptominer", "ai supply chain", "indirect prompt injection" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AMOS Stealer", "display_name": "AMOS Stealer", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1218.011", "name": "Rundll32", "display_name": "T1218.011 - Rundll32" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1055.012", "name": "Process Hollowing", "display_name": "T1055.012 - Process Hollowing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1564.001", "name": "Hidden Files and Directories", "display_name": "T1564.001 - Hidden Files and Directories" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": "6a01c2363e7f67fcbed473cb", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 1 }, "indicator_count": 43, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a01c1248bf3199e640f8bb9", "name": "Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw", "description": "", "modified": "2026-05-11T11:44:36.515000", "created": "2026-05-11T11:44:36.515000", "tags": [ "hugging face", "clawhub", "minor actor", "face", "github", "openclaw", "join", "windows malware", "windows", "ai distribution", "fakesecurity", "powershell", "explorer", "malicious", "virustotal", "trojan", "telegram", "brok", "path", "indo", "rats", "android", "defender", "loader" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 3, "hostname": 1 }, "indicator_count": 46, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fdcbb83146177e3c63dd78", "name": "Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw", "description": "Recent investigations by Acronis Threat Research Unit highlight the exploitation of AI distribution platforms, particularly Hugging Face and ClawHub, by cyber threat actors to deliver malware. These platforms, which are trusted repositories for AI models and tools, have become prime targets for attackers due to the inherent trust users place in their content. Attackers are embedding malicious functionality in software designed for AI ecosystems, utilizing the features of these platforms to extend the reach and impact of their malware beyond typical single-system compromises.", "modified": "2026-05-08T11:40:40.672000", "created": "2026-05-08T11:40:40.672000", "tags": [ "hugging face", "clawhub", "minor actor", "face", "github", "openclaw", "join", "windows malware", "windows", "ai distribution", "fakesecurity", "powershell", "explorer", "malicious", "virustotal", "trojan", "telegram", "brok", "path", "indo", "rats", "android", "defender", "loader", "moltbot", "macos", "ithkrpaw", "amos", "threat" ], "references": [ "https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Moltbot", "display_name": "Moltbot", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null }, { "id": "ITHKRPAW", "display_name": "ITHKRPAW", "target": null }, { "id": "FAKESECURITY", "display_name": "FAKESECURITY", "target": null }, { "id": "AMOS", "display_name": "AMOS", "target": null }, { "id": "OpenClaw", "display_name": "OpenClaw", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null } ], "attack_ids": [ { "id": "T1027.002", "name": "Software Packing", "display_name": "T1027.002 - Software Packing" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" } ], "industries": [ "Financial" ], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "URL": 7, "domain": 3, "hostname": 1 }, "indicator_count": 46, "is_author": false, "is_subscribing": null, "subscriber_count": 541, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "699e78c4e2b85d4cddbeb48f", "name": "Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer", "description": "", "modified": "2026-03-25T22:08:44.661000", "created": "2026-02-25T04:21:24.044000", "tags": [ "amos", "skillsmp", "clawhub", "supply chain attack", "stealer", "ai manipulation", "atomic macos stealer (amos)", "openclaw", "macos" ], "references": [ "https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic MacOS Stealer (AMOS)", "display_name": "Atomic MacOS Stealer (AMOS)", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132.001", "name": "Standard Encoding", "display_name": "T1132.001 - Standard Encoding" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1555.001", "name": "Keychain", "display_name": "T1555.001 - Keychain" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1552.001", "name": "Credentials In Files", "display_name": "T1552.001 - Credentials In Files" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1056.002", "name": "GUI Input Capture", "display_name": "T1056.002 - GUI Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "white", "cloned_from": "699cd6ee7d755d4afd290651", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 10, "FileHash-SHA256": 16, "URL": 12, "domain": 1, "hostname": 1 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 279, "modified_text": "66 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69905efe9bcff1b8fb999b67", "name": "TI Advisory No-ESAF-SOC-TI-2026-173", "description": "Obsolete IP addresses are the subject of debate in the UK, but they are not the same as those of their counterparts in Europe and the United Arab Emirates, where they were used to be.", "modified": "2026-03-16T11:07:17.587000", "created": "2026-02-14T11:39:35.926000", "tags": [ "url http", "ip address", "domain", "url https" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "harshandc123", "id": "378589", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14, "domain": 1, "hostname": 1 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 14, "modified_text": "75 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://install.app-distribution.net/setup/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://install.app-distribution.net/setup/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780215339.8630724 }