Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
Microsoft Bing’s AI Search Promotes Fake OpenClaw Repository, Spreading Info-Stealing Malware
In a troubling security incident, Microsoft's Bing AI search engine has been found promoting malicious GitHub repositories disguised as legitimate OpenClaw AI assistant installers, leading unsuspecting users into downloading malware.
The OpenClaw AI Assistant: A Brief Overview
OpenClaw is an open-source AI agent that has rapidly gained popularity as a personal assistant capable of executing tasks, accessing local files, and integrating with email, messaging apps, and online services. Its versatility and functionality have made it a sought-after tool for users looking to enhance their digital productivity.
However, its widespread local access has also made it an attractive target for threat actors looking to exploit its capabilities for malicious purposes.
The Malicious Campaign Unveiled
Managed detection and response company Huntress uncovered a sophisticated campaign last month that spread multiple executables for malware loaders and information stealers to users attempting to install OpenClaw.
The threat actors created fake GitHub repositories posing as OpenClaw installers, which were then recommended by Bing in its AI-powered search results for the Windows version of the tool. This exploitation of Bing’s AI search feature represents a significant escalation in how cybercriminals are leveraging legitimate platforms to distribute malware.
How the Attack Works
The malicious repositories were designed to appear legitimate at first glance. The threat actors tied them to a GitHub organization named openclaw-installer, which may have carried weight in Bing’s AI recommendation algorithm. Additionally, the accounts publishing these repositories were newly created but attempted to increase their legitimacy by copying real code from the Cloudflare moltworker project.
For macOS users, the fake repositories provided installation instructions that directed users to paste a bash command in Terminal. This command would reach a separate GitHub organization called puppeteerrr and a repository named dmg. The repository contained shell scripts paired with Mach-O executables, which Huntress identified as the Atomic Stealer malware.
Windows users weren’t spared either. The fake repositories delivered OpenClaw_x64.exe, which deployed multiple malicious executables. Huntress reported that their Windows Managed AV and Managed Defender for Endpoint solutions quarantined the files on the customer’s machine they analyzed.
The Malware Arsenal
The malicious payloads were diverse and sophisticated. Most of the executables were Rust-based malware loaders that executed information stealers in memory. One of the payloads was the Vidar stealer, which contacted Telegram and Steam user profiles to obtain command-and-control (C2) data.
Another Windows executable delivered through this campaign was the GhostSocks backconnect proxy malware, designed to convert users’ machines into proxy nodes. Attackers can use these compromised systems to access accounts with stolen credentials, effectively bypassing anti-fraud checks. Threat actors also use proxy nodes to route malicious traffic or to hide their tracks during attacks.
The Role of Bing AI in the Attack
What makes this campaign particularly concerning is how the threat actors exploited Bing’s AI-enhanced search feature. Huntress researchers noted that “just hosting the malware on GitHub was enough to poison Bing AI search results.” This suggests that Bing’s AI algorithm may be prioritizing GitHub repositories without sufficient verification of their authenticity or safety.
The AI’s suggested download link in search results pointed directly to the malicious OpenClaw installer on GitHub, demonstrating how sophisticated threat actors have become in manipulating search algorithms to distribute malware.
Scope and Impact
During their investigation, Huntress identified multiple accounts and repositories used in the same campaign, all delivering malware to users seeking OpenClaw installers. While all of the malicious repositories have been reported to GitHub, it remains unclear whether they have been removed at the time of writing.
Protecting Yourself: Best Practices
This incident underscores the importance of exercising caution when downloading software from the internet. Here are some critical safety measures:
- Bookmark official portals: Instead of searching online each time, bookmark the official portals of the software you’re using.
- Verify repository authenticity: Check the creation date of GitHub accounts and repositories, and look for verified badges or official documentation.
- Use security software: Ensure you have up-to-date antivirus and endpoint protection solutions that can detect and quarantine malicious files.
- Be skeptical of AI recommendations: While AI-powered search can be convenient, always verify the legitimacy of recommended downloads before proceeding.
The official OpenClaw repository on GitHub can be found at github.com/openclaw/openclaw.
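The checks above (is this the official repository, how old are the account and the repository, does the owner name merely imitate the project) can be automated against GitHub-API-style metadata. This is an added example, not code from the article, Huntress or the OpenClaw project; the repository name `openclaw-windows`, the timestamps and the age thresholds are constructed assumptions, and only `openclaw/openclaw` and the `openclaw-installer` organization come from the article.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional
from urllib.parse import urlparse

# The only repository the article names as official; anything else is untrusted by default.
OFFICIAL_REPOS = {"openclaw/openclaw"}
MIN_ACCOUNT_AGE = timedelta(days=180)  # heuristic thresholds, assumptions of this example
MIN_REPO_AGE = timedelta(days=30)


def repo_slug(url: str) -> Optional[str]:
    """Return 'owner/repo' (lower-cased) for a https://github.com URL, else None."""
    p = urlparse(url)
    if p.scheme != "https" or p.netloc.lower() != "github.com":
        return None
    parts = [x for x in p.path.split("/") if x]
    return f"{parts[0]}/{parts[1]}".lower() if len(parts) >= 2 else None


def _age(created_at: str, now: datetime) -> timedelta:
    """Age of a GitHub object from its API 'created_at' value (e.g. 2024-01-02T03:04:05Z)."""
    return now - datetime.fromisoformat(created_at.replace("Z", "+00:00"))


def assess(url: str, repo_meta: dict, owner_meta: dict, now: datetime) -> list:
    """Return red flags for a download link; an empty list means it is the official repo."""
    slug = repo_slug(url)
    if slug is None:
        return ["not a https://github.com link"]
    if slug in OFFICIAL_REPOS:
        return []
    flags = [f"{slug} is not an official repository"]
    owner = slug.split("/")[0]
    official_orgs = {s.split("/")[0] for s in OFFICIAL_REPOS}
    # Lookalike owner such as 'openclaw-installer': contains the project name but is not the project.
    if any(o in owner and o != owner for o in official_orgs):
        flags.append(f"owner '{owner}' imitates an official organization")
    if _age(owner_meta["created_at"], now) < MIN_ACCOUNT_AGE:
        flags.append("owner account is newly created")
    if _age(repo_meta["created_at"], now) < MIN_REPO_AGE:
        flags.append("repository is newly created")
    return flags


# Constructed sample metadata (not real API responses) for a lookalike installer repository.
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)
FAKE_URL = "https://github.com/openclaw-installer/openclaw-windows/releases/download/v1/OpenClaw_x64.exe"
FAKE_REPO = {"full_name": "openclaw-installer/openclaw-windows", "created_at": "2026-02-10T09:00:00Z"}
FAKE_OWNER = {"login": "openclaw-installer", "type": "Organization", "created_at": "2026-02-09T18:30:00Z"}
REAL_URL = "https://github.com/openclaw/openclaw"

if __name__ == "__main__":
    for url, repo, owner in [(FAKE_URL, FAKE_REPO, FAKE_OWNER), (REAL_URL, {}, {})]:
        print(url, "->", assess(url, repo, owner, NOW) or ["official repository"])
```

In practice the two metadata dicts come from `https://api.github.com/repos/<owner>/<repo>` and `https://api.github.com/users/<owner>`; a non-empty flag list is a reason to stop and go to the bookmarked official portal instead.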
The Broader Implications
This attack represents a concerning evolution in malware distribution tactics. By leveraging AI-powered search results, threat actors have found a way to bypass traditional security awareness measures. Users have been trained to be cautious of email attachments and suspicious links, but AI-recommended downloads from seemingly legitimate sources represent a new frontier in social engineering.
The incident also raises questions about the responsibility of AI platforms in ensuring the safety of their recommendations. As AI becomes increasingly integrated into our daily digital interactions, the potential for exploitation grows, necessitating robust safeguards and verification mechanisms.
Conclusion
The discovery of Bing AI promoting fake OpenClaw repositories serves as a stark reminder that even trusted platforms can be manipulated by sophisticated threat actors. As AI technology continues to evolve and integrate into our digital lives, users must remain vigilant and adopt a healthy skepticism toward automated recommendations, especially when they involve software downloads.
The cybersecurity community will be watching closely to see how Microsoft responds to this incident and what measures are implemented to prevent similar exploitations of their AI search capabilities in the future.
Tags: #Microsoft #BingAI #OpenClaw #Malware #GitHub #Cybersecurity #InfoStealer #AtomicStealer #Vidar #GhostSocks #Huntress #AIExploitation #SocialEngineering #CyberAttack #SoftwareSecurity #DigitalSafety