GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

Summary

A coordinated campaign has compromised or created over 300 poisoned packages on package repositories, masquerading as legitimate developer tools, game cheats, and other software. The attack leverages AI assistance to scale the distribution effort and targets developers across multiple ecosystems. The 'OpenClaw Deployer' repository serves as a central delivery mechanism for trojan payloads.

Indicators of Compromise

• malware — OpenClaw Deployer