
OpenClaw Installer Malware Steals Crypto Wallets & Passwords


Hoplon InfoSec

10 May, 2026

Warning: Fake OpenClaw Installer Malware is Draining Crypto Wallets Right Now

A threat actor built a fake website, cloned the look of a real AI tool, and packaged a destructive infostealer inside a 130MB download. People downloaded it thinking they were getting OpenClaw, a legitimate open-source personal AI assistant.

What they got instead was the fake OpenClaw installer malware, a tool designed to silently drain their crypto wallets and empty their password manager vaults.

This is not a theoretical risk. Researchers at Netskope Threat Labs confirmed the campaign has been active since at least February 2026. If you use MetaMask, Bitwarden, 1Password, Ledger, or any of 246 other apps, you are on the target list.

This article breaks down exactly how the attack works, what the malware does once it gets inside your system, how to tell if you are infected, and what you can do right now to protect yourself.


What is the Fake OpenClaw Installer Malware?

The fake OpenClaw installer malware is an infostealer campaign that disguises itself as an installer for OpenClaw, a real and popular open-source AI assistant tool. The malware inside is called Hologram, and Netskope Threat Labs identified it as a second-generation iteration of an earlier campaign they call Pathfinder.

The delivery site, openclaw-installer[.]com, was registered on March 9, 2026. It looks convincing. It has a graphical installer page that mimics what you would expect from a real software download. The file it serves is called OpenClaw_x64.7z, and it contains a 130MB Rust-based executable.

That 130MB size is not accidental. Security sandboxes often skip files above a certain size. Antivirus tools with file-size thresholds miss it completely. The fake documentation stuffed inside makes it look even more legitimate.

The dropper itself names its purpose openly in its own manifest: "Hologram" with the description "Decoy entity generator for tactical misdirection." Whoever built this is not hiding their goals from themselves.


How Does the Hologram Infostealer Actually Work?

This is where things get technically interesting. Most infostealers run immediately after execution. Hologram does not. It checks its environment first.

Step 1: VM and Sandbox Detection
Before doing anything harmful, the fake OpenClaw installer malware scans for signs it is inside a virtual machine or security sandbox. It checks BIOS strings tied to common virtual environments, looks for suspicious software libraries, and profiles the hardware. If anything looks off, it stops.

Step 2: Mouse Movement Check
Automated security sandboxes do not move the mouse. Hologram knows this. It sits completely still and waits for real mouse movement before proceeding. No movement means no action. This is one reason it stayed undetected for months.

Step 3: System Takeover
Once confirmed on a real machine, the malware moves fast:

• Disables Windows Defender
• Opens firewall ports programmatically (ports 56001 through 57002)
• Downloads six modular payload components from attacker-controlled infrastructure staged on Azure DevOps (organization: sagonbretzpr)
• Sends a confirmation ping to the attacker's private Telegram channel once all six modules load

Step 4: The Six Modules Explained
Each module has a specific job:

Module File          Role
audioeq.exe          Hardware fingerprinting and recon
svc_service.exe      C2 beacon and CLR loader
virtnetwork.exe      HTTPS C2 tunnel
onedrive_sync.exe    Reflective PE loader via memexec
WinHealhCare.exe     Telegram-bot dropper (persistence)
OneSync.exe          Secondary Telegram-bot dropper

One module loads a hidden .NET assembly entirely in memory using a Rust component called clroxide. Netskope noted this technique had never been documented before in a crimeware campaign. There is no file on disk to find.

Step 5: Credential Theft at Scale
The malware fetches its targeting list from an Azure DevOps repository. That list currently covers 250 browser extensions:
• 201 crypto wallets including MetaMask, Phantom, Coinbase, OKX, Rabby, and Ronin
• 49 password managers and authenticator apps including Bitwarden, LastPass, 1Password, NordPass, KeePass, and Google Authenticator
• Ledger Live filesystem data accessed directly, giving attackers two independent theft paths even for hardware wallet users

Because the target list lives in a remote Git repo instead of hardcoded inside the binary, the attacker can quietly add new apps to the target list without rewriting any code and without triggering new malware detections.

Figure: Fake OpenClaw installer malware attack chain



What We Found When We Analyzed the Sample

When we ran the sample in a controlled environment, the first thing we noticed was how patient it was. Most malware we test triggers within seconds of execution. This one sat idle for over four minutes before doing anything at all. We had to simulate mouse activity before the dropper made its first network call.
We encountered an interesting challenge when trying to identify the C2 (command-and-control) server.

The malware does not have a hardcoded IP address or domain anywhere in its code. Instead, it reads the current C2 address from a Telegram channel description. When a domain gets blocked or burned, the attacker simply updates that description, and every active implant picks up the new address on its next check-in.

All victim data, including usernames, IP addresses, and timestamps, routes through Hookdeck, a legitimate webhook relay service. This keeps the attacker's actual Telegram bot token out of any network traffic. From a defender's perspective, you see traffic to a known, legitimate service. Nothing looks obviously malicious.

During active analysis, the attacker rotated their entire infrastructure before Netskope's findings were published. Every domain, every IP. That level of operational awareness suggests this is not an amateur operation.


Crypto Wallet Risk: What Gets Stolen and How

Here is how the fake OpenClaw installer malware targets different types of crypto wallets:

Wallet Type                      Exposure Risk               What Gets Stolen
MetaMask (browser extension)     Critical                    Seed phrase, private keys, wallet data
Phantom (Solana)                 Critical                    Seed phrase, account access
Coinbase Wallet (extension)      Critical                    Seed phrase, transaction history
Ledger Live (desktop app)        High                        Filesystem data, transaction records
Hardware Ledger device           Low (device itself safe)    Ledger Live app data only
Exodus (desktop)                 High                        Wallet files, seed phrase if stored locally

Important note: A hardware wallet like Ledger protects your private keys on the device itself. But Ledger Live, the desktop software you use to interact with it, stores account metadata on your PC. The malware steals that data. Your funds require the device to move, but your transaction history and account details are not safe.

Indicators of Compromise (IOCs)

Security teams should flag the following. All indicators are defanged and should only be used within controlled threat intelligence platforms like MISP, VirusTotal, or your SIEM.


Key File Hashes (SHA256)


4014048f8e60d39f724d5b1ae34210ffeac151e1f2d4813dbb51c719d4ad7c3a
OpenClaw_x64.exe (Hologram dropper v1.7.16, Rust, 130MB)

f03736fadffcb7bef122d25d6ace8044378d4fa455f7f48081a3b32c80eb4ed2
OpenClaw_x64.7z (dropper container archive)

40fc240febf2441d58a7e2554e4590e172bfefd289a5d9fa6781de38e266b378
svc_service.exe (Stealth Packer C2 beacon / CLR loader)

6ae9f9cfa8e638e933ad8b06de7434c395ec68ee9cc4e735069bfb64646bb180
onedrive_sync.exe (Reflective PE loader via memexec)


Key Domains

openclaw-installer[.]com                              (Delivery site, registered March 9, 2026)


Key Registry Keys to Watch

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\{NetworkManager}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsDefenderHelper

Suspicious File Paths

C:\Users\Public\                                      (Stage-2 binary drop location)

C:\ProgramData\...\Startup\OneDriveSync.lnk           (Startup persistence LNK)

%APPDATA%\Roaming\Data\Config\manager.exe             (Dropped secondary executable)

%APPDATA%\Ledger Live                                 (Ledger theft target)
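The indicators above are defanged and meant for a threat intelligence platform or SIEM, and the checklist further down asks you to search your Downloads folder for the dropper. The script below is an added example (not code from Hoplon InfoSec or Netskope) that does both offline: it refangs the listed indicators so they can be loaded into a blocklist, and it hashes every file under a folder against the SHA256 list, streaming so the 130MB sample costs no memory. The hashes, file names and domain are copied from this article; the folder it scans in the demo is a temporary one it constructs itself, and nothing in it matches a real indicator.

```python
"""Work the IoC list above without touching a live host: refang the defanged
indicators for a blocklist or SIEM lookup, and hash files in a folder (for
instance Downloads) against the SHA256 list.

Added example, not code from Hoplon InfoSec or Netskope. Hashes, file names
and the domain are taken verbatim from the article; the directory it scans
in the demo is a temporary one it constructs itself.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# SHA256 values exactly as listed in the article.
KNOWN_HASHES = {
    "4014048f8e60d39f724d5b1ae34210ffeac151e1f2d4813dbb51c719d4ad7c3a": "OpenClaw_x64.exe (Hologram dropper)",
    "f03736fadffcb7bef122d25d6ace8044378d4fa455f7f48081a3b32c80eb4ed2": "OpenClaw_x64.7z (dropper archive)",
    "40fc240febf2441d58a7e2554e4590e172bfefd289a5d9fa6781de38e266b378": "svc_service.exe (C2 beacon / CLR loader)",
    "6ae9f9cfa8e638e933ad8b06de7434c395ec68ee9cc4e735069bfb64646bb180": "onedrive_sync.exe (reflective PE loader)",
}
# File names the article attributes to the dropper and its modules.
KNOWN_NAMES = {"openclaw_x64.7z", "openclaw_x64.exe", "audioeq.exe", "svc_service.exe",
               "virtnetwork.exe", "onedrive_sync.exe", "winhealhcare.exe", "onesync.exe",
               "manager.exe"}
DEFANGED = ["openclaw-installer[.]com", "snippet[.]host"]


def refang(indicator: str) -> str:
    """Undo the usual defanging: [.] or (.) for dots and hxxp for http."""
    s = re.sub(r"\[\.\]|\(\.\)", ".", indicator.strip())
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.lower()


def sha256_of(path: Path) -> str:
    """Stream the file through SHA256 in 1MB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root: Path) -> list:
    """Return (path, reason) findings. Every file is hashed regardless of size,
    because the dropper is sized to slip past size-limited scanners."""
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        digest = sha256_of(p)
        if digest in KNOWN_HASHES:
            findings.append((str(p), "SHA256 match: " + KNOWN_HASHES[digest]))
        elif p.name.lower() in KNOWN_NAMES:
            findings.append((str(p), "name matches a Hologram artifact, hash differs: inspect manually"))
    return findings


def build_demo_dir() -> Path:
    """Constructed sample folder: a benign note, an empty file, and a file that only
    shares the dropper archive's name (its hash matches nothing on the list)."""
    d = Path(tempfile.mkdtemp(prefix="openclaw_triage_"))
    (d / "notes.txt").write_bytes(b"constructed benign content\n")
    (d / "empty.bin").write_bytes(b"")
    (d / "OpenClaw_x64.7z").write_bytes(b"constructed placeholder, not the real archive\n")
    return d


if __name__ == "__main__":
    print("refanged:", [refang(x) for x in DEFANGED])
    for path, reason in scan_directory(build_demo_dir()):
        print(path, "->", reason)
```

Point scan_directory at the real Downloads folder to run it for real. A name-only hit is reported separately from a hash hit on purpose: the attacker can rebuild the dropper at will, so a file called OpenClaw_x64.7z whose hash is not on the list still deserves a look, while a hash match is conclusive.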


How to Tell If You Are Already Infected

Ask yourself: Did you recently download anything called "OpenClaw" from a site that was not the official GitHub repository?

If yes, or if you are unsure, check for these warning signs:

• Unknown processes running in Task Manager named svc_service.exe, virtnetwork.exe, audioeq.exe, or onedrive_sync.exe
• Windows Defender suddenly disabled with no explanation
• New firewall rules allowing inbound/outbound traffic on ports 56001-57002
• Startup entries pointing to OneDriveSync.lnk in your Programs/Startup folder
• Unusual Telegram traffic from background processes
• Azure DevOps network calls from a non-developer machine

To check startup entries manually: Press Win + R, type shell:startup, press Enter. If you see OneDriveSync.lnk, that is a red flag.
To check running processes: Open Task Manager, click "Details" tab, and search for the filenames listed above. If any of them are running, do not reboot yet. Collect evidence first if possible.
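The advice above is to collect evidence before rebooting. The script below is an added example (not code from Hoplon InfoSec or Netskope) that works over evidence a responder has already exported from the suspect machine rather than the live box: the output of `tasklist /fo csv`, `netsh advfirewall firewall show rule name=all`, a `reg query` of the Winlogon key, and a listing of the shell:startup folder. It reports the process names, the firewall rule opening ports in the 56001-57002 range, the OneDriveSync.lnk startup entry and any extra entry appended to Userinit. The process names, port range, LNK name and registry value come from this article; all sample inputs are constructed for the demo, and the stock Userinit value is assumed to be the usual C:\Windows\system32\userinit.exe.

```python
"""Triage evidence exported from a suspect Windows machine for the warning signs above.

Added example, not code from Hoplon InfoSec or Netskope. It reads text a responder
already collected (tasklist /fo csv, netsh advfirewall firewall show rule name=all,
reg query of the Winlogon key, a Startup folder listing) and reports which indicators
named in the article are present. All sample inputs below are constructed.
"""
import csv
import io
import re

# Process names, port range, startup file and registry value named in the article.
SUSPECT_PROCESSES = {"svc_service.exe", "virtnetwork.exe", "audioeq.exe",
                     "onedrive_sync.exe", "winhealhcare.exe", "onesync.exe"}
SUSPECT_PORT_RANGE = (56001, 57002)
STARTUP_LNK = "onedrivesync.lnk"
# Assumed stock Userinit value; anything else in the comma-separated list is extra.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"


def check_processes(tasklist_csv: str) -> list:
    """Suspect image names present in 'tasklist /fo csv' output."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return sorted({r["Image Name"].lower() for r in rows
                   if r["Image Name"].lower() in SUSPECT_PROCESSES})


def _port_ranges(spec: str) -> list:
    """Expand a netsh LocalPort value ('443', '56001-57002', '80,443') into (lo, hi)
    tuples. 'Any' yields nothing: such rules are too common to flag on port alone."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            ranges.append((int(lo), int(hi)))
        elif part.isdigit():
            ranges.append((int(part), int(part)))
    return ranges


def check_firewall(netsh_output: str) -> list:
    """Names of enabled Allow rules whose LocalPort overlaps 56001-57002."""
    lo, hi = SUSPECT_PORT_RANGE
    hits = []
    # netsh prints one block per rule, each starting with a 'Rule Name:' line.
    for block in re.split(r"(?m)^Rule Name:", netsh_output)[1:]:
        lines = block.splitlines()
        fields = {"Rule Name": lines[0].strip()}
        for line in lines[1:]:
            if ":" in line:
                key, val = line.split(":", 1)
                fields[key.strip()] = val.strip()
        if fields.get("Enabled") != "Yes" or fields.get("Action") != "Allow":
            continue
        for rlo, rhi in _port_ranges(fields.get("LocalPort", "")):
            if rlo <= hi and rhi >= lo:
                hits.append(fields["Rule Name"])
                break
    return hits


def check_startup(folder_listing: list) -> bool:
    """True if the shell:startup listing contains OneDriveSync.lnk."""
    return any(name.lower() == STARTUP_LNK for name in folder_listing)


def check_userinit(reg_query_output: str) -> list:
    """Entries in Winlogon\\Userinit other than the stock userinit.exe."""
    m = re.search(r"Userinit\s+REG_SZ\s+(.+)", reg_query_output)
    if not m:
        return []
    entries = [e.strip().lower() for e in m.group(1).split(",")]
    return [e for e in entries if e and e != STOCK_USERINIT]


# Constructed sample evidence (not captured from a real infection).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","4120","Console","1","98,000 K"
"svc_service.exe","6644","Console","1","21,344 K"
"virtnetwork.exe","6702","Console","1","18,112 K"
'''
SAMPLE_NETSH = """
Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Protocol:                             UDP
LocalPort:                            Any
RemotePort:                           53
Action:                               Allow

Rule Name:                            Constructed inbound rule 56001-57002
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            56001-57002
RemotePort:                           Any
Action:                               Allow
"""
SAMPLE_REG = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\Public\svc_service.exe,
'''
SAMPLE_STARTUP = ["desktop.ini", "OneDriveSync.lnk"]


def triage() -> dict:
    """Run every check over the constructed samples and return the findings."""
    return {"processes": check_processes(SAMPLE_TASKLIST),
            "firewall_rules": check_firewall(SAMPLE_NETSH),
            "startup_lnk": check_startup(SAMPLE_STARTUP),
            "userinit_extras": check_userinit(SAMPLE_REG)}


if __name__ == "__main__":
    for name, result in triage().items():
        print(f"{name}: {result}")
```

Any one of the four findings on its own can have a benign explanation; the combination (suspect process names plus an inbound rule on exactly this port range plus a foreign Userinit entry) is what matches the behaviour described in this article, so treat it as a confirmed hit rather than a maybe.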


Why This Threat is Different From Most Infostealers

The fake OpenClaw installer malware represents a meaningful step up in sophistication from typical credential stealers. Here is what makes it stand out:

1. Layered persistence that survives removal attempts. The malware installs itself across registry autoruns, a Windows Winlogon hijack, a scheduled task, AND Telegram-based droppers. If you find and remove the main implant, the Telegram dropper reinstalls it on the next reboot.
2. Dynamic target list with no hardcoded values. Most infostealers have their target extensions baked into the binary. Hologram pulls its list from a live Git repository. Defenders cannot simply blocklist based on what was in the original sample.
3. In-memory execution via clroxide. Loading a .NET assembly entirely in memory using a Rust CLR host means no file touches the disk. Traditional file-based antivirus misses it completely.
4. Abusing trusted services as C2 channels. Using Hookdeck, Azure DevOps, Telegram, Pastebin, and snippet[.]host as communication channels means the malware's traffic blends perfectly with legitimate enterprise traffic.
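Point 4 above, together with the observation earlier that the relay through Hookdeck leaves defenders looking at traffic to a legitimate service, means destination-based blocking alone is not going to catch this. The signal that survives is the pairing of source host and service: a finance workstation has no reason to reach Azure DevOps, the Telegram API and a webhook relay within a few seconds of each other. The script below is an added example (not code from Hoplon InfoSec or Netskope) that runs that check over proxy log lines. The log format, the baseline of which hosts are expected to use each service, and the hookdeck hostname pattern are constructed or assumed for the demo; dev.azure.com and api.telegram.org are the public endpoints of those services.

```python
"""Spot hosts using developer and automation services they have no business using.

Added example, not code from Hoplon InfoSec or Netskope. Hologram stages payloads on
Azure DevOps, reads its C2 address from a Telegram channel and relays stolen data
through Hookdeck, so each destination looks legitimate on its own. What remains is
the pairing of source host and service. The proxy log lines, the per-service host
baseline and the hookdeck hostname pattern are constructed or assumed for this demo.
"""
import re
from collections import defaultdict

# Hosts expected to use each service. Constructed baseline; maintain it from your CMDB.
EXPECTED = {
    "azure_devops": {"dev-laptop-01", "build-agent-02"},
    "telegram": set(),              # no sanctioned use of the Telegram API here
    "hookdeck": {"build-agent-02"},
}
# Destination hostname patterns per service (the hookdeck pattern is an assumption).
SERVICE_PATTERNS = {
    "azure_devops": re.compile(r"(^|\.)dev\.azure\.com$"),
    "telegram": re.compile(r"(^|\.)telegram\.org$"),
    "hookdeck": re.compile(r"(^|\.)hookdeck\.com$"),
}
# Constructed proxy log format: timestamp host user method dest_host path status
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<dest>[^ /:]+)")


def classify(dest_host: str):
    """Map a destination hostname to one of the abused services, or None."""
    for name, pattern in SERVICE_PATTERNS.items():
        if pattern.search(dest_host.lower()):
            return name
    return None


def find_outliers(log_lines) -> dict:
    """{(host, service): hit count} for hosts outside the expected set for that service."""
    counts = defaultdict(int)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        service = classify(m["dest"])
        if service and m["host"] not in EXPECTED[service]:
            counts[(m["host"], service)] += 1
    return dict(counts)


def rank_hosts(outliers: dict) -> list:
    """Hosts ordered by how many distinct abused services they touched. One host
    hitting Azure DevOps, Telegram and Hookdeck together is the shape of this implant."""
    per_host = defaultdict(set)
    for host, service in outliers:
        per_host[host].add(service)
    return sorted(((h, len(s)) for h, s in per_host.items()), key=lambda x: (-x[1], x[0]))


# Constructed sample log. The Azure DevOps organisation path is the one named in the article.
SAMPLE_LOG = [
    "2026-05-09T10:01:02Z dev-laptop-01 alice GET dev.azure.com /_apis/projects 200",
    "2026-05-09T10:03:11Z fin-ws-07 bob GET dev.azure.com /sagonbretzpr/ 200",
    "2026-05-09T10:03:15Z fin-ws-07 bob POST api.telegram.org / 200",
    "2026-05-09T10:03:40Z fin-ws-07 bob POST events.hookdeck.com / 200",
    "2026-05-09T10:05:00Z build-agent-02 svc-build GET dev.azure.com /_apis/build 200",
    "2026-05-09T10:06:00Z hr-ws-02 carol GET www.example.com / 200",
]

if __name__ == "__main__":
    outliers = find_outliers(SAMPLE_LOG)
    for (host, service), n in sorted(outliers.items()):
        print(f"{host} -> {service}: {n} request(s)")
    print("ranked:", rank_hosts(outliers))
```

The baseline is the whole detection: keep it tight (named build agents and developer machines only) and review it whenever a team adopts a new SaaS tool, otherwise the allow-list grows until it hides exactly the hosts you wanted to see. Ranking by distinct services rather than raw request count keeps a chatty but legitimate developer laptop below a single workstation that touched all three.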


How to Protect Yourself: A Step-by-Step Guide

Step 1: Verify your download source before running anything
Only download OpenClaw from its official GitHub repository. Check the URL carefully. The malicious site was openclaw-installer[.]com. The real project lives on GitHub. One character of difference in a URL can cost you everything.
Why it matters: The fake OpenClaw installer malware works entirely because victims trust what looks like an official download page.

Step 2: Move crypto wallet seed phrases offline permanently
Your seed phrase should never exist on a computer that connects to the internet. Write it on paper. Store it somewhere physically secure. Do not photograph it. Do not save it in a notes app.
Tip: If your seed phrase is currently in any digital form on your PC, move your funds to a fresh wallet immediately.

Step 3: Enable 2FA on every password manager
Bitwarden, 1Password, LastPass, and NordPass all support two-factor authentication. Turn it on. Even if the malware grabs your vault data, 2FA on your master account adds a second barrier between the attacker and your credentials.

Step 4: Run a behavioral security scan (not just antivirus)
Standard antivirus tools miss this malware because of its size and in-memory execution. Use behavioral detection tools instead:

• Malwarebytes (free version scans active threats)
• Windows Sandbox to analyze suspicious files safely
• Process Monitor (from Microsoft Sysinternals) to watch for unusual child processes

Step 5: Check your browser extensions right now
Open your browser's extension page (chrome://extensions or equivalent). Look for anything you did not install intentionally. The malware targets specific extension IDs. Remove anything unfamiliar.

Step 6: Check Windows Defender status
Open Windows Security app. If it shows "Virus and threat protection is managed by your organization" and you are a personal user, something turned it off. That is a serious red flag.

Step 7: Report the incident if you think you were hit
Report to the FBI's Internet Crime Complaint Center (IC3) at ic3.gov. If crypto funds were stolen, document all transaction hashes before contacting exchanges. Speed matters.


Mistakes That Make You More Vulnerable

Mistake 1: Trusting file size as a safety indicator. People assume a 130MB file is safer than a tiny malicious script. The attackers padded this file to that size on purpose. Large file = more legitimate looking. Do not use file size as a trust signal.
Mistake 2: Relying only on antivirus. Several antivirus engines missed this sample on initial submission to VirusTotal. Behavioral detection and network monitoring matter just as much as signature-based tools.
Mistake 3: Storing seed phrases digitally. Screenshots, Google Docs, phone notes, email drafts. We have seen people use all of these. The fake OpenClaw installer malware scans common storage locations. Anything digital is at risk.
Mistake 4: Assuming hardware wallets are completely safe. Your Ledger device is safe. Your Ledger Live desktop software is not. The malware steals Ledger Live data directly from %APPDATA%\Ledger Live. Understand the difference.
Mistake 5: Blocking only the domains you know about. This campaign rotated its entire infrastructure mid-analysis. Blocklisting known domains helps, but behavioral monitoring is the only reliable defense here.


Your Security Checklist:

• Search your Downloads folder for any file named OpenClaw_x64.7z or OpenClaw_x64.exe

• Open Task Manager and check for svc_service.exe, virtnetwork.exe, audioeq.exe

• Go to shell:startup and look for OneDriveSync.lnk

• Verify Windows Defender is running and up to date

• Check your browser extensions and remove anything unfamiliar

• Confirm your crypto wallet seed phrases are NOT stored anywhere digitally

• Enable 2FA on all password manager accounts

• Run Malwarebytes free scan if anything above is suspicious

• Block the domain openclaw-installer[.]com on your router or DNS filter


Frequently Asked Questions

Q: What is the fake OpenClaw installer malware?

The fake OpenClaw installer malware is a trojanized installer disguised as OpenClaw, a legitimate open-source AI assistant. It delivers an infostealer called Hologram that targets 250+ crypto wallet browser extensions and password managers. The campaign was discovered by Netskope Threat Labs and has been active since February 2026.

Q: Which crypto wallets does the OpenClaw malware target?

The malware targets 201 crypto wallet browser extensions, including MetaMask, Phantom, Coinbase Wallet, OKX, Rabby, and Ronin. It also accesses Ledger Live filesystem data directly, giving attackers two separate paths to wallet-related information.

Q: Can this malware steal from a hardware Ledger wallet?

The Ledger hardware device itself stores private keys in a secure chip that the malware cannot access. However, the malware does steal data from the Ledger Live desktop application installed on your computer, including account metadata stored in %APPDATA%\Ledger Live. Your funds need the physical device to move, but your account data is not protected.

Q: How does this malware steal password manager credentials?

The malware scans for 49 specific password manager and authenticator browser extensions, including Bitwarden, LastPass, 1Password, NordPass, KeePass, and Google Authenticator. It reads the extension storage data from browser profile directories on disk and sends that data to attacker infrastructure via Hookdeck relay and Telegram.


What This Means Going Forward

The fake OpenClaw installer malware shows a clear trend: attackers are getting more patient, more modular, and better at hiding inside legitimate infrastructure. They are not writing random exploits and hoping someone opens them. They build convincing websites, target high-value tools, and architect their malware to survive removal.

The clroxide in-memory execution technique is the part that should concern security researchers the most. If this approach spreads to other malware families, it will fundamentally break a lot of traditional detection strategies.

For the average person, the takeaway is simpler: your crypto seed phrase belongs on paper, not your PC. Your password manager is a target. And any software download that does not come directly from an official, verified source is a potential risk.

If you think you already installed the fake OpenClaw installer malware, stop using that machine for any financial activity, run a full behavioral scan, and change every password from a different, clean device first.

Security teams should refer to Netskope Threat Labs' full technical advisory and CISA guidance on infostealer campaigns for additional IOC updates and MITRE ATT&CK mappings tied to this threat. IOC tables in this article should be verified against the latest Netskope reporting before use in production environments.



Published: May 10, 2026
Last Updated: May 10, 2026
Author: Radia, Cybersecurity Content Analyst

