Hacker News: zbangrec's comments

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment.

"This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [artificial intelligence] agents," Hudson Rock said.


Hudson Rock has now detected a live infection where an infostealer successfully exfiltrated a victim’s OpenClaw configuration environment. This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the “souls” and identities of personal AI agents.


A compromised machine in Lebanon – most likely belonging to a person named قسورة (Qasura), a local ISIS cell commander – contained explosive synthesis manuals, jihadist propaganda, and locally stored XMPP chat logs that should have been encrypted. The chats reveal Qasura receiving direct instructions from Syria-based operatives, coordinating IED attacks that killed security personnel, requesting religious permission for torture, managing cross-border smuggling routes, handling money transfers through Turkey and Syria, and shipping detonator components across the region. Through this single compromised machine, we were able to map the entire cell hierarchy from local commander to senior leadership.


If Infostealer infections are happening in companies like Lockheed Martin, and even in the U.S. Navy, we should conclude that the defense industry is also vulnerable to more sophisticated attacks.

In this new research, we examined the state of Infostealer infections in the most sensitive areas, and the results are concerning. Of the tens of millions of computers infected by Infostealers, a portion belong to individuals employed in sensitive companies.

We analyze the type of access hackers can gain from these infections and speculate on how they could exploit such access.

