OpenClaw Trap Campaign: Trojanized GitHub Repos Target Devs and Gamers
Key Takeaways
- A sophisticated new malware campaign, “OpenClaw Trap,” is targeting developers, gamers, and crypto users via trojanized GitHub repositories.
- The campaign utilizes a custom LuaJIT trojan designed to evade automated analysis by splitting its payload and employing advanced anti-detection techniques.
- Victim machines are geolocated, and full desktop screenshots are exfiltrated to a C2 server in Frankfurt, Germany.
- The threat actor behind the campaign operates extensive infrastructure and may be leveraging AI for malware generation and naming conventions.
A cunning new malware operation is actively compromising software developers, gamers, Roblox enthusiasts, and cryptocurrency users through a network of deceptive GitHub repositories. This campaign, internally designated as “TroyDen’s Lure Factory,” deploys a custom-built LuaJIT trojan specifically engineered to bypass conventional security scanning tools, indicating a high level of technical proficiency and significant resources behind the threat actor.
At the heart of this attack is a meticulously crafted GitHub repository, AAAbiola/openclaw-docker, which masquerades as a legitimate Docker deployment tool for the OpenClaw AI project. The repository presents a convincing facade, including a professional README file with detailed installation instructions for both Windows and Linux, a complementary GitHub.io page, and even features contributions from seemingly legitimate developers, one of whom boasts a repository with 568 stars.
To further bolster its credibility, the attacker strategically inflated the project’s popularity with numerous throwaway accounts that added stars and forks. Carefully selected topic tags such as “ai-agents,” “docker,” “openclaw,” and “LLM” were employed to push the repository to prominent positions in developer search results, increasing its visibility and potential victim pool.
Netskope Threat Labs researchers uncovered the campaign after identifying a trojanized software package that exhibited unique behavioral evasion techniques designed to defeat automated analysis pipelines. Their subsequent investigation revealed that the same malicious toolchain was present across more than 300 confirmed delivery packages. These packages, disguised as gaming cheats, phone trackers, VPN crackers, and Roblox scripts, were hosted across multiple GitHub repositories, all tracing back to the identical attacker infrastructure.
Intriguingly, the lure directory names, which draw from obscure biological taxonomy, archaic Latin, and medical terminology, strongly suggest machine generation. This points towards the potential use of AI-assisted methods for large-scale malware production and naming, further highlighting the advanced nature of this operation.
The campaign’s reach is broad, impacting a diverse range of users. Upon successful execution, each victim machine is immediately geolocated, and a complete desktop screenshot is captured and transmitted to a command-and-control (C2) server located in Frankfurt, Germany. With eight confirmed IP addresses operating behind a load-balanced backend, the infrastructure is clearly designed to handle a high volume of compromised systems.
Researchers also linked the operator to a Telegram channel, @NumberLocationTrack, which has been active under the name “TroyDen” since June 2025. This suggests that the campaign was already operational for several months before the deceptive GitHub repositories began to appear.
Two Files, One Weapon
A particularly distinctive technical aspect of this campaign is its method of payload delivery, which is split to bypass detection. Each malicious ZIP archive contains three distinct components: a batch file named Launch.bat, a renamed LuaJIT runtime executable called unc.exe, and an obfuscated Lua script disguised as license.txt. When these files are submitted individually to automated scanners, they appear benign.
The threat only activates when the batch file executes both components in the correct sequence. This design cleverly exploits how standard sandboxes typically analyze files in isolation, allowing the combined threat to evade detection. Once armed, the payload initiates a series of five anti-analysis checks, looking for debuggers, low RAM, short system uptime, elevated privilege access, and specific computer names. If any indicators of a sandbox environment are detected, execution is halted.
If the environment appears legitimate, a Sleep() call is triggered for approximately 29,000 years, a duration far exceeding any timed analysis window. This tactic ensures that by the time a security tool reports a clean verdict, the payload has already executed on a real machine, leaving no trace in sandbox logs. The Lua script itself has been passed through the Prometheus Obfuscator, which rewrites its control flow and makes static analysis unreliable. Four registry modifications disable Windows proxy auto-detection, so outbound traffic bypasses corporate inspection layers that rely on the system-assigned proxy.
The payload then captures the victim's full desktop and uploads it via a hardcoded multipart POST request to the Frankfurt C2 server. The server responds with encrypted task and loader blobs, which are saved to the victim's Documents folder. The C2 boundary string, a fixed 38-character value observed unchanged across all requests, suggests the operator likely relied on AI-assisted code generation for the server-side panel.
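One defensive use of that observation, as an added example (not code from this page or from Netskope): a small Python hunt over constructed proxy log lines that flags a multipart boundary reused verbatim by several distinct clients. The 38-character length alone is not a useful signal, since a browser's standard WebKitFormBoundary values are also 38 characters; the verbatim reuse is what matters. The log format and IP addresses are assumptions made up for the sample.

```python
import re
from collections import defaultdict

# Constructed proxy log excerpt (not real traffic): method, client IP, then the
# request's Content-Type header. RFC 5737 documentation addresses are placeholders.
SAMPLE_LOG = """\
POST 192.0.2.10 multipart/form-data; boundary=----AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQq
POST 192.0.2.11 multipart/form-data; boundary=----AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQq
POST 192.0.2.20 multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW9
POST 192.0.2.20 multipart/form-data; boundary=----WebKitFormBoundaryx9Qz1LmPq2sTuVwY
POST 192.0.2.12 multipart/form-data; boundary=----AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQq
GET 192.0.2.12 text/html
"""

BOUNDARY_RE = re.compile(r'boundary="?([^";\s]+)')

def parse_boundaries(log_text):
    """Yield (client, boundary) for each multipart POST line in the log."""
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 3 or parts[0] != "POST":
            continue
        match = BOUNDARY_RE.search(parts[2])
        if match:
            yield parts[1], match.group(1)

def find_fixed_boundaries(log_text, min_clients=2):
    """Return {boundary: sorted client IPs} for boundaries reused verbatim by
    several distinct clients. Browsers and HTTP libraries mint a fresh random
    boundary per request, so the same value from many hosts points to a
    hardcoded client like the one described above."""
    clients = defaultdict(set)
    for client, boundary in parse_boundaries(log_text):
        clients[boundary].add(client)
    return {b: sorted(c) for b, c in clients.items() if len(c) >= min_clients}
```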
What You Should Do
- Any machine that has downloaded packages from the identified malicious repositories should be considered compromised and thoroughly investigated for signs of unauthorized access.
- Security teams should prioritize any GitHub download that pairs a renamed interpreter with an opaque data file for immediate triage and investigation.
- Deploy the published Indicators of Compromise (IOCs) into your EDR and network monitoring tools without delay.
- Block all outbound connections to the confirmed C2 IP addresses at the firewall level to prevent further exfiltration and control.
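The triage heuristic from the second item above, applied to the archive layout described under "Two Files, One Weapon", as an added Python example (not code from this page or from Netskope): it opens a ZIP, labels each member by content rather than extension (a PE carrying LuaJIT strings, a batch launcher, a non-script file that reads as Lua source), and flags the archive when the launcher invokes the interpreter on the hidden script. The interpreter marker strings and the sample archive are constructed assumptions for illustration, not a real payload.

```python
import io
import re
import zipfile

# Strings typical of a LuaJIT runtime binary (assumed; tune against real samples).
LUA_INTERPRETER_MARKERS = (b"LuaJIT", b"luaJIT_BC", b"lua_pushcclosure")
# Enough Lua keywords in the first 4 KiB to call a file Lua source.
LUA_SYNTAX = re.compile(rb"\b(local|function|end|require|string\.char)\b")

def classify_member(name: str, data: bytes) -> str:
    """Label a ZIP member by what it contains, not by its extension."""
    lower = name.lower()
    if data.startswith(b"MZ") and any(m in data for m in LUA_INTERPRETER_MARKERS):
        return "lua_interpreter"          # PE that is really a script runtime
    if lower.endswith((".bat", ".cmd")):
        return "batch"
    if not lower.endswith(".lua") and len(LUA_SYNTAX.findall(data[:4096])) >= 3:
        return "hidden_lua"               # Lua source behind a data-file name
    return "other"

def triage_archive(zip_bytes: bytes) -> dict:
    """Flag the archive when a batch launcher references both a renamed
    interpreter and a hidden Lua script, i.e. the split-payload layout."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = {n: zf.read(n) for n in zf.namelist() if not n.endswith("/")}
    labels = {n: classify_member(n, d) for n, d in members.items()}
    interp = [n.lower() for n, l in labels.items() if l == "lua_interpreter"]
    hidden = [n.lower() for n, l in labels.items() if l == "hidden_lua"]
    flagged = False
    for name, label in labels.items():
        if label != "batch":
            continue
        text = members[name].decode("utf-8", "ignore").lower()
        if any(i in text for i in interp) and any(h in text for h in hidden):
            flagged = True
    return {"labels": labels, "flagged": flagged}

def build_sample_archive() -> bytes:
    """Constructed sample mimicking the described layout; not a real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Launch.bat", "@echo off\r\nunc.exe license.txt\r\n")
        zf.writestr("unc.exe", b"MZ" + b"\x00" * 64 + b"LuaJIT 2.1 placeholder")
        zf.writestr("license.txt", "local s = string.char(72) local function f() end require(s)")
    return buf.getvalue()
```

A hit from triage_archive is a triage signal, not a verdict: confirm by detonating the batch file together with its companions rather than each member alone, which is exactly the isolation the lure relies on.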
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.