BTC $62,133.86 -2.43%
ETH $1,765.10 -2.03%
BNB $565.55 -1.39%
XRP $1.06 -2.03%
SOL $74.59 -2.58%
TRX $0.3242 -2.07%
DOGE $0.0716 -1.14%
ADA $0.1565 -3.04%
BCH $234.28 -3.01%
LINK $7.85 -1.61%
HYPE $63.12 -6.17%
AAVE $94.00 -3.27%
SUI $0.7136 -3.01%
XLM $0.1806 -2.75%
ZEC $492.34 -7.84%
BTC $62,133.86 -2.43%
ETH $1,765.10 -2.03%
BNB $565.55 -1.39%
XRP $1.06 -2.03%
SOL $74.59 -2.58%
TRX $0.3242 -2.07%
DOGE $0.0716 -1.14%
ADA $0.1565 -3.04%
BCH $234.28 -3.01%
LINK $7.85 -1.61%
HYPE $63.12 -6.17%
AAVE $94.00 -3.27%
SUI $0.7136 -3.01%
XLM $0.1806 -2.75%
ZEC $492.34 -7.84%

慢雾 CISO:警惕恶意 npm 包 “@openclaw-ai/openclawai”,其窃取加密钱包私钥及系统凭证

2026-03-10 11:55:45
收藏

ChainCatcher 消息,据慢雾科技首席信息安全官 23pds 披露,情报系统发现名为 “@openclaw-ai/openclawai” 的恶意 npm 包正在实施多层攻击。

该恶意包伪装成名为 OpenClaw Installer 的合法命令行工具,旨在窃取用户敏感信息,包括系统凭证、加密钱包私钥、浏览器数据、SSH 密钥以及 Apple Keychain 数据库等。

app_icon
ChainCatcher 与创新者共建Web3世界