• Infostealer variant of Vidar exfiltrated OpenClaw AI agent config files.
• Stolen files include openclaw.json, device.json, soul.md with tokens, keys, operational principles.
• Theft of gateway token allows remote access or impersonation of the AI agent.
• Malware used broad file-grabbing routine targeting specific extensions and directories.
• Shift from browser credentials to harvesting AI agent ‘souls’ and identities.
• AI agents increasingly integrated into workflows, raising stakes for infostealer developers.
Article Summaries:
- Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim’s OpenClaw (formerly Clawdbot and Moltbot) configuration environment. “This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the ‘souls’ and identities of personal AI [artificial intelligence] agents,” Hudson Rock said. Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details. Vidar is an off-the-she