{"data":{"id":"33c47a95-2a95-4fa9-81c6-eac3e06c81ee","title":"Infostealer malware found stealing OpenClaw secrets for first time","summary":"Infostealer malware (malware designed to steal sensitive files and credentials) has been spotted for the first time stealing configuration files from OpenClaw, a local AI agent framework that manages tasks and accesses online services on a user's machine. The stolen files contain API keys, authentication tokens, and other secrets that could allow attackers to impersonate users and access their cloud services and personal data.","solution":"For nanobot (a similar AI assistant framework), the development team released fixes for a max-severity vulnerability tracked as CVE-2026-2577 in version 0.13.post7. No mitigation or update is mentioned in the source for OpenClaw itself.","labels":["security","privacy"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/infostealer-malware-found-stealing-openclaw-secrets-for-first-time/","publishedAt":"2026-02-16T17:32:26.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenClaw","Vidar infostealer","nanobot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}