Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

Published: 3 days ago (February 24, 2026 at 09:20 PM EST)

1 min read

Source: Dev.to

Overview

Atomic Stealer (AMOS) has evolved from its traditional distribution via cracked software to a sophisticated supply‑chain attack targeting AI‑agentic workflows. Attackers embed malicious instructions in SKILL.md files on platforms such as OpenClaw, manipulating AI agents to act as trusted intermediaries. By deceiving the AI into presenting fake setup requirements, the malware tricks users into manually facilitating infection on macOS systems.

Technical Details

This variant employs Mach‑O universal binaries and multi‑key XOR encryption to evade detection while harvesting a broad range of sensitive data. Targets include Apple and KeePass keychains, browser credentials, cryptocurrency wallets, and private messages. Although it lacks typical persistence mechanisms, the use of encrypted universal binaries makes static analysis more difficult.

Impact

The ability to exploit the trust relationship between users and AI agents represents a significant shift in social‑engineering tactics within the cybersecurity landscape. Even without persistent footholds, the attack’s reliance on user‑mediated execution through AI‑driven instructions amplifies its potential reach and effectiveness.

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

Overview

Technical Details

Impact

Related posts

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Fake Next.js job interview tests backdoor developer's devices

The best mini PC deals for running OpenClaw: Save on Apple Mac mini, Kamuri Pinova P2, and Beelink Mini

Anthropic’s Claude rises to No. 2 in the App Store following Pentagon dispute