The PolySwarm Blog

The ClawHavoc Campaign

Feb 27, 2026 1:48:52 PM / by The Hivemind posted in Threat Bulletin, Atomic macOS Stealer, AI agent supply chain attack, AMOS info stealer, ClickFix social engineering, ClawHub poisoning, PolySkill trojan, ClawHavoc, OpenClaw malicious Skills

Verticals Targeted: Cryptocurrency, Corporations, Social Media, Finance, Developers
Regions Targeted: Not Specified
Related Families: Trojan/OpenClaw.PolySkill, Atomic Stealer (AMOS)

Executive Summary

Threat actors conducted a widespread supply chain poisoning operation, named ClawHavoc, by uploading hundreds of malicious Skills to the ClawHub marketplace for the OpenClaw AI agent framework. They used social engineering to induce users to execute payloads that install information stealers and backdoors. The campaign leverages over 900 malicious Skills to target high-value users across cryptocurrency, productivity, and social media categories and steal credentials, wallet data, and bot configurations.
