malware · 🌐 International · BleepingComputer
Infostealers Target OpenClaw AI Assistant Secrets for Digital Identity Theft
Monday, February 16, 2026
What
Information-stealing malware is now exfiltrating critical data from OpenClaw AI assistant installations, including authentication tokens and private keys. This development marks a significant shift in infostealer behavior, moving beyond browser credentials to target personal AI agent identities.
Where
OpenClaw AI assistant users worldwide; also, Nanobot users affected by a separate vulnerability.
When
First OpenClaw data theft detected on February 13, 2026. Nanobot vulnerability fixes released recently.
Key Factors
- The infostealer, believed to be a Vidar variant, employs a broad file-stealing routine that targets keywords like "token" and "private key" found within OpenClaw's configuration directory.
- Stolen files include `openclaw.json`, `device.json`, `soul.md`, and memory files, containing gateway authentication tokens, public/private keys for device pairing, and persistent contextual data like daily activity logs and private messages.
- Compromise of these files could enable remote connection to local OpenClaw instances, client impersonation, bypassing "Safe Device" checks, and access to encrypted logs or paired cloud services.
Takeaways
- Users of OpenClaw and similar local AI agents should implement robust endpoint security solutions and regularly review access permissions for AI-related directories.
- This incident highlights the growing risk to digital identities stored within AI assistant frameworks, necessitating enhanced security postures for agentic AI tools.
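One way to carry out the permission review recommended above, as an added example that is not code from the article or from OpenClaw: it inventories files in an agent directory that match the file names and keywords reported on this page and flags those readable by other accounts. The directory path is a caller-supplied assumption (the page does not state where OpenClaw keeps its configuration), and the demo runs on constructed sample files on a POSIX system.

```python
import os
import stat
import tempfile

# File names and keywords as reported on this page.
SENSITIVE_NAMES = {"openclaw.json", "device.json", "soul.md"}
KEYWORDS = (b"token", b"private key")
MAX_READ = 1 << 20  # inspect at most the first 1 MiB of each file


def audit_agent_dir(root):
    """Return sorted (relpath, reasons, mode, too_open) for sensitive files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, sockets and other non-regular files
                with open(path, "rb") as fh:
                    head = fh.read(MAX_READ).lower()
            except OSError:
                continue  # unreadable file: nothing to classify
            reasons = ["name"] if name.lower() in SENSITIVE_NAMES else []
            reasons += [kw.decode() for kw in KEYWORDS if kw in head]
            if reasons:
                mode = stat.S_IMODE(st.st_mode)
                # too_open: any group/other permission bit is set
                findings.append((os.path.relpath(path, root), reasons, oct(mode), bool(mode & 0o077)))
    return sorted(findings)


def demo():
    """Audit a constructed directory (sample data, not real OpenClaw files)."""
    samples = {"openclaw.json": ('{"gateway": {"token": "CONSTRUCTED"}}', 0o644),
               "device.json": ('{"key": "PRIVATE KEY CONSTRUCTED"}', 0o600),
               "notes.txt": ("nothing sensitive here", 0o644)}
    with tempfile.TemporaryDirectory() as root:  # hypothetical agent directory
        for name, (body, mode) in samples.items():
            p = os.path.join(root, name)
            with open(p, "w") as fh:
                fh.write(body)
            os.chmod(p, mode)
        return audit_agent_dir(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Tight mode bits only keep other local accounts out; malware running as the same user can still read these files, so the inventory also serves as the list of secrets to rotate after a suspected infection.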