Multiple Hacking Groups Exploit OpenClaw Instances to Steal API Keys and Deploy Malware


Multiple hacking groups are carrying out widespread exploitation of OpenClaw, formerly known as MoltBot and ClawdBot, to deploy malicious payloads.

OpenClaw, an open-source autonomous AI framework developed by Peter Steinberger, now at OpenAI, has become a high-severity target following its viral adoption in late January 2026.

Its architecture grants significant system privileges, persistent memory access, and integration with sensitive services, making it a prime candidate for credential theft and data exfiltration.

Within 72 hours of broad deployment, threat actors began exploiting several serious vulnerabilities, including the high-risk Remote Code Execution flaw (CVE-2026-25253), supply chain poisoning, and credential harvesting through exposed administrative interfaces.

Flare analysts have observed over 30,000 compromised OpenClaw instances used to steal API keys, intercept messages, and distribute info-stealing malware via Telegram and other malicious communication channels.

ClawHavoc Campaign: Supply Chain Mass Deployment

One of the earliest and most damaging campaigns, dubbed “ClawHavoc,” was detected on January 29, 2026.

“Hightower6eu” was used for mass automated deployments (source: Flare)

This supply chain attack disguised malicious payloads like Atomic Stealer (for macOS) and keyloggers (for Windows) as legitimate crypto tools.

Users installing from supposed “setup” scripts unknowingly downloaded stealer malware capable of full-service compromise, enabling attackers to extract persistent memory data and conduct lateral movement across enterprise systems.

By early February, a second campaign, Automated Skill Poisoning Through ClawHub, emerged through the OpenClaw community marketplace.

Due to the platform’s open publishing model and lack of code review, attackers uploaded backdoored “skills” from seemingly trustworthy GitHub accounts such as Hightower6eu.

These malicious updates executed remote shell commands, allowing attackers to exfiltrate OAuth tokens, passwords, and API keys in real time.

A Shodan scan on February 18, 2026, found 312,000+ OpenClaw instances running on default port 18789, many with no authentication and open to the internet.

Shodan search for default port 18789 on February 18, 2025 (source: Flare)

Meanwhile, exposed administrative interfaces are worsening the crisis. Honeypot deployments have recorded exploitation attempts within minutes of exposure.
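The Shodan finding above (instances listening on the default port 18789, reachable from the internet, often without authentication) is something an operator can check for on their own hosts before an external scanner does. The following is an added example, not code from the article or from the OpenClaw project: it parses `ss -ltn` style output and reports any listener on port 18789 that is bound to a wildcard or non-loopback address. The sample output lines are constructed for the example; only the port number comes from the article.

```python
"""Exposure check: flag listeners on the OpenClaw default port (18789) that
are bound to a non-loopback address, from `ss -ltn` style output.

Added example; assumes nothing about OpenClaw's own configuration format.
"""
import ipaddress
import re
import sys

OPENCLAW_DEFAULT_PORT = 18789  # default port named in the Flare/Shodan report

# "Local Address:Port" column of `ss -ltn`, e.g. 0.0.0.0:18789, [::]:18789,
# 127.0.0.1:18789, *:18789
_LOCAL_RE = re.compile(r"^(?:\[(?P<v6>[^\]]*)\]|(?P<v4>[^:\s]+)):(?P<port>\d+)$")

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:18789    0.0.0.0:*
LISTEN 0      128    0.0.0.0:18789      0.0.0.0:*
LISTEN 0      128    [::]:18789         [::]:*
LISTEN 0      4096   0.0.0.0:22         0.0.0.0:*
""".splitlines()


def parse_local_address(field):
    """Return (host, port) from an ss local-address field, or None if unparseable."""
    m = _LOCAL_RE.match(field)
    if not m:
        return None
    host = m.group("v6") if m.group("v6") is not None else m.group("v4")
    return host, int(m.group("port"))


def is_loopback(host):
    """True only for loopback binds; wildcard binds ('*', '0.0.0.0', '::') are not."""
    if host in ("*", ""):
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def find_exposed_listeners(ss_lines, port=OPENCLAW_DEFAULT_PORT):
    """Return the local-address fields of LISTEN sockets on `port` that are
    bound to a non-loopback address (i.e. reachable from other hosts)."""
    exposed = []
    for line in ss_lines:
        cols = line.split()
        # ss -ltn columns: State Recv-Q Send-Q Local Peer [Process]
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        parsed = parse_local_address(cols[3])
        if parsed is None:
            continue
        host, p = parsed
        if p == port and not is_loopback(host):
            exposed.append(cols[3])
    return exposed


if __name__ == "__main__":
    # Usage: `ss -ltn | python3 check_openclaw_exposure.py`; falls back to
    # the constructed sample when nothing is piped in.
    lines = SAMPLE_SS_OUTPUT if sys.stdin.isatty() else sys.stdin.read().splitlines()
    hits = find_exposed_listeners(lines)
    if hits:
        print("Exposed listeners on port %d: %s" % (OPENCLAW_DEFAULT_PORT, ", ".join(hits)))
    else:
        print("No non-loopback listener on port %d" % OPENCLAW_DEFAULT_PORT)
```

A loopback-only bind (127.0.0.1 or ::1) is treated as safe here because it is unreachable from the network; a wildcard bind is reported even when the service itself requires authentication, since the article's point is that many instances had none, and the bind address is the one property this check can verify without knowing the application's auth configuration.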

The OpenClaw incidents underscore a critical turning point in the security of autonomous AI agents. Organized threat groups have adapted rapidly, weaponizing an ecosystem that prioritized capability over cybersecurity.

As OpenAI absorbs OpenClaw’s developer, experts warn that these issues highlight the urgent need for security-by-design approaches in future AI frameworks.

A Flare advisory recommends that companies using or testing autonomous assistants secure API credentials and isolate AI workloads.

The post Multiple Hacking Groups Exploit OpenClaw Instances to Steal API Keys and Deploy Malware appeared first on Cyber Security News.

Source: cybersecuritynews.com
