Fake OpenClaw Installers on GitHub Deliver GhostSocks Malware, Amplified by Bing AI

ClawHosters by Daniel Samer

Search "OpenClaw Windows" on Bing. Until this week, the AI-generated answer pointed you straight to a GitHub repo that installs proxy malware on your machine. Not a shady forum link. The top AI result.

Huntress researchers Jai Minton and Ryan Dowd disclosed the campaign on March 3-4, 2026. It's the first documented case of AI search results directly amplifying OpenClaw malware distribution.

The Attack Chain

The fake repo was called "openclaw-installer" and looked legitimate enough. The source code was actually stolen from Cloudflare's open-source moltworker project. Nothing in the repo itself screamed malware.

The payload sat in GitHub Releases: an executable named OpenClaw_x64.exe packed inside a 7-Zip archive. Download it, run it, and you get hit with something called "Stealth Packer," a novel packing technique that deploys three separate payloads: GhostSocks, Vidar Stealer, and PureLogs Stealer.

GhostSocks is the nasty one. It turns your machine into a residential proxy. Attackers then route stolen credential logins through your IP address to bypass MFA checks and anti-fraud systems at banks, email providers, you name it. Your home IP becomes their cover.

A parallel macOS campaign used AMOS stealer to target crypto wallets and browser credentials.

Bing AI Made It Worse

This is probably the most concerning part. Bing's AI search didn't just index the malicious repo. It actively recommended it as the answer when users asked about installing OpenClaw on Windows.

Think about that for a second. A user asks an AI-powered search engine a genuine question, and the AI confidently sends them to malware.

GitHub removed the repos within about eight hours of Huntress's report. But copycats appeared almost immediately.

What This Means for You

OpenClaw has no official Windows installer. There is no OpenClaw_x64.exe. If you've downloaded anything matching that description, treat your machine as compromised. Run a full antivirus scan, change passwords from a different device, and check your system's proxy settings for entries you did not configure.
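For the "check your proxy settings" step above, here is an added triage script (not from the article, Huntress, or the OpenClaw project) that snapshots the Windows proxy configuration and every established outbound connection, tagged with the owning process and its code-signature status, into one report. It assumes an elevated PowerShell session and writes to `$ReportPath`, an arbitrary location chosen for this example.

```powershell
# Added example: proxy/outbound-connection triage for a Windows host suspected of
# running a proxy implant. Run from an elevated PowerShell prompt.
# $ReportPath is an assumed output location; change it as you like.
$ReportPath = Join-Path $env:USERPROFILE 'proxy-triage.txt'
$lines = @()

$lines += '=== WinINET (per-user) proxy settings ==='
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$lines += "ProxyEnable   : $($inet.ProxyEnable)"
$lines += "ProxyServer   : $($inet.ProxyServer)"
$lines += "AutoConfigURL : $($inet.AutoConfigURL)"   # a PAC URL you never set is a red flag

$lines += '=== WinHTTP (system-wide) proxy ==='
$lines += (netsh winhttp show proxy)

$lines += '=== Machine-level proxy environment variables ==='
foreach ($name in 'HTTP_PROXY', 'HTTPS_PROXY', 'ALL_PROXY') {
    $lines += "$name = $([Environment]::GetEnvironmentVariable($name, 'Machine'))"
}

# A proxy implant needs a live outbound channel, so list established connections
# (loopback excluded) with the owning process and whether its binary is signed.
$lines += '=== Established outbound TCP connections by process ==='
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$)' }
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path = if ($proc) { $proc.Path } else { $null }
    $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }
    $name = if ($proc) { $proc.ProcessName } else { "pid $($c.OwningProcess)" }
    # Unsigned binaries under user-writable paths (Downloads, Temp, AppData) holding
    # outbound connections are the first entries to investigate.
    $lines += ('{0,-22} {1,-12} {2}:{3} -> {4}:{5}  {6}' -f
        $name, $sig, $c.LocalAddress, $c.LocalPort, $c.RemoteAddress, $c.RemotePort, $path)
}

$lines | Set-Content -Path $ReportPath
Write-Host "Report written to $ReportPath"
```

Compare the report against what you know you configured; anything you cannot account for is worth pulling the host offline and escalating.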

If you're running OpenClaw through ClawHosters, none of this applies. Your instance runs on a managed server that we deploy from verified sources. You never download executables.

For background on how we approach OpenClaw security, the security hardening guide covers our deployment model. And if you want to verify your existing setup, the OpenClaw Safety Scanner can flag issues.

Frequently Asked Questions

Is there an official OpenClaw Windows installer?

No. OpenClaw doesn't distribute a Windows .exe installer. Any GitHub repo or download claiming to offer one is not legitimate. The real OpenClaw project provides source code and Docker-based deployment.

Can AI search engines send users to malware?

This incident proves they can. Bing's AI recommended a fake GitHub repo as its top result for "OpenClaw Windows." AI search engines generate answers from indexed content without verifying the safety of linked downloads.

Does this campaign affect ClawHosters customers?

No. ClawHosters deploys OpenClaw from verified sources on managed servers. You never download or run executables locally. The fake installer campaign only affects people who searched for and manually downloaded the malicious file.

*Last updated: March 2026*

Sources

  1. Jai Minton and Ryan Dowd (Huntress)
  2. ClawHosters