GachiLoader malware disguises as OpenClaw tool in new phishing attack

A recent cybersecurity report highlights a concerning trend where the GachiLoader malware is being disguised as an OpenClaw tool in a phishing attack targeting users interested in automated Polymarket betting. This campaign leverages fake AI agent skills to lure victims, employing polished installation guides and Electron applications to trick users into downloading malware. The malicious software deploys the Rhadamanthys infostealer through sophisticated techniques like fileless injection and blockchain-based command-and-control infrastructure.

Experts note that this evolution in cybercrime represents a new phishing attack surface, as threat actors exploit the growing popularity of AI automation and agent workflows. The use of legitimate-sounding tools like OpenClaw in these scams underscores the need for enhanced developer tooling and security measures to protect users. As the landscape of cyber threats continues to evolve, staying informed about such tactics is crucial for both developers and end-users alike.