Blockchain

A new malware called GhostClaw is targeting crypto wallets on macOS devices.

2026-03-23 10:36:28

GhostClaw Malware Targets macOS Crypto Wallets—Disguised as OpenClaw Tool, Infected 178 Developers

A new threat is lurking in the npm registry. GhostClaw, a malware disguised as the legitimate OpenClaw CLI tool, infected 178 developers before being pulled on March 10. The attack triggered when devs ran "npm install," which silently installed the malicious package and hid behind obfuscated config files.

Once inside, GhostClaw went to work. It scans the clipboard every three seconds—grabbing private keys, seed phrases, and public keys. Then it downloads a second-stage payload, GhostLoader, which digs through Chromium browsers, macOS keychain, and system storage for crypto wallet data. It clones browser sessions to hijack logged-in wallets and steals API tokens from AI platforms like OpenAI and Anthropic. All stolen data is funneled out via Telegram, GoFile, and command servers. Another reminder: open-source tools come with open risks.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

A new malware called GhostClaw is targeting crypto wallets on macOS devices.

GhostClaw Malware Targets macOS Crypto Wallets—Disguised as OpenClaw Tool, Infected 178 Developers

Recommended reading

Claude has launched a new computer control feature that can directly operate a user's computer

A new malware called GhostClaw is targeting crypto wallets on macOS devices.

China's National Internet Emergency Center have released a guide for the safe use of OpenClaw.

Tim Cook addressed a question about how the OpenClaw AI project has driven strong sales of the Mac M

Aster Chain has launched its staking feature, allowing users to lock up tokens and earn yields.

Global Crypto Media & Data Platform

About

Contact

Product