GhostClaw AI Malware Targets macOS Users, Steals Credentials

Sarah simpson
March 26, 2026

Key Takeaways

  • A new macOS malware, GhostClaw, is actively targeting developers via fake GitHub repositories and malicious npm packages.
  • It employs social engineering and can leverage AI coding agents for infection without direct human interaction.
  • GhostClaw steals user credentials, establishes persistence, and downloads secondary payloads.
  • Defenders should scrutinize installation commands, monitor for unusual dscl usage, and verify code origins.

A sophisticated new malware campaign, dubbed GhostClaw, has emerged, specifically designed to compromise macOS systems by exploiting developer workflows and, notably, AI-assisted development environments. Threat actors are deploying this malware through deceptive GitHub repositories and malicious software packages, masquerading as legitimate development tools to steal user credentials and deploy additional malicious payloads.

Evolution of the Campaign

The GhostClaw operation first came to light in early March 2026, when JFrog Security Research initially documented it under the names GhostClaw/GhostLoader. At its inception, the malware was primarily distributed through malicious npm packages, targeting developers who frequently incorporate third-party tools from public registries into their projects.

However, the campaign quickly broadened its reach beyond the npm ecosystem, transitioning to GitHub-hosted repositories. These repositories were meticulously crafted to impersonate popular developer resources such as trading bots, software development kits (SDKs), and other commonly used utilities, enhancing their perceived legitimacy.

Researchers at Jamf Threat Labs subsequently identified at least eight new samples linked to the same campaign after a thorough examination of multiple GitHub repositories. Their investigation uncovered extensive additional infrastructure and previously unknown infection vectors, confirming that GhostClaw had significantly expanded its delivery mechanisms beyond its initial npm-centric approach. A prime example of this deception was the “TradingView-Claw” repository, which garnered 386 GitHub stars, lending it a deceptive air of credibility among unsuspecting developers.

Dual-Path Infection Strategy

GhostClaw’s efficacy stems from its ingenious dual-pronged infection strategy. In one method, the malicious GitHub repositories contain README files that provide step-by-step installation instructions, guiding users to execute a shell command via `curl`.

The second, more advanced, infection vector targets AI coding agents. This is achieved through specially crafted `SKILL.md` files that define metadata and execution commands. These files are designed to trick automated development tools into unknowingly initiating the infection chain, enabling GhostClaw to compromise a system without any direct human interaction.

The broader implications of this campaign are significant, extending beyond individual developers. By embedding malicious code within trusted ecosystems like GitHub and leveraging AI-assisted tooling, attackers can achieve a far wider reach through a single delivery mechanism. Jamf Threat Labs also observed connections to other related campaigns, including Glassworm and PolinRider, which utilized similar software supply chain attack techniques. This trend highlights a growing sophistication in how threat actors distribute malware at scale.

Multi-Stage Infection and Credential Theft

Regardless of the initial infection vector, GhostClaw consistently follows a multi-stage execution chain engineered to harvest credentials and establish persistent access on the victim’s macOS system.

The infection commences with an `install.sh` script, which masquerades as a routine setup tool. This bootstrapper script first checks the host macOS version and architecture. It then silently installs a compatible version of Node.js into a user-controlled directory, circumventing the need for elevated administrative privileges. Notably, the script uses `curl` with the `--insecure` flag to download Node.js, a practice that bypasses TLS certificate verification and is rarely seen in legitimate installers.

Control then transfers to `setup.js`, a heavily obfuscated JavaScript file responsible for the critical task of credential collection. To avoid suspicion, the script clears the terminal screen and displays fake progress indicators, mimicking a legitimate SDK installation process.

Subsequently, a credential prompt appears. The password entered by the user is validated using the native macOS binary `dscl` with the `-authonly` option. This method allows the malware to confirm the validity of stolen credentials without triggering standard system authentication dialogs, which might otherwise alert the user.

If Full Disk Access has not already been granted, the malware presents AppleScript dialogs that closely mimic genuine macOS security prompts. These dialogs guide the user through the process of granting the necessary permissions in System Settings.

Once credentials are harvested and access is secured, `setup.js` communicates with its command-and-control (C2) server at `trackpipe[.]dev`. From here, it retrieves an encrypted secondary payload, which is temporarily written to `/tmp/sys-opt-{random}.js`. This temporary file is then deleted, and the malware establishes persistence by relocating itself to `~/.cache/.npm_telemetry/monitor.js` – a path strategically chosen to blend in with normal npm activity and evade detection.

What You Should Do

  • Exercise extreme caution when executing installation commands from GitHub repositories, online guides, or any unverified source, even if they appear credible.
  • Always verify the origin and expected behavior of any code before execution. Review scripts and package contents thoroughly.
  • For security teams managing macOS environments, implement monitoring for unexpected usage of the `dscl` command, especially with the `-authonly` option, as this could indicate credential validation attempts by malware.
  • Monitor for processes attempting to gain Full Disk Access or writing obfuscated files to temporary directories (`/tmp/`) or user cache directories (`~/.cache/`).
  • Educate developers and users on the risks associated with supply chain attacks and the importance of scrutinizing third-party dependencies.
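As an added example (not code from the article, Jamf Threat Labs or JFrog), the detection logic below encodes the three indicators described in this report: `dscl -authonly` credential checks, `curl` downloads with TLS verification disabled, and writes to the `/tmp/sys-opt-*.js` staging path or the `~/.cache/.npm_telemetry/monitor.js` persistence path. The event tuple format, parent process names and sample paths are constructed assumptions, not real EDR telemetry.

```python
"""Toy detection rules for the GhostClaw indicators named in the report."""
import fnmatch
import shlex

# Constructed sample telemetry: (event_type, parent_process, command_line_or_path).
# Neither the format nor the values come from real endpoint logs.
SAMPLE_EVENTS = [
    ("exec", "bash", "curl --insecure -fsSL https://node-mirror.example/node.tar.gz -o /Users/dev/.ghost/node.tgz"),
    ("exec", "node", "dscl . -authonly dev REDACTED"),
    ("exec", "zsh", "curl -fsSL https://example.invalid/setup.sh"),  # verifies TLS: benign
    ("file_write", "node", "/tmp/sys-opt-8f3a1c.js"),
    ("file_write", "node", "/Users/dev/.cache/.npm_telemetry/monitor.js"),
    ("file_write", "npm", "/Users/dev/.npm/_cacache/index-v5/abc"),  # normal npm cache: benign
]

# Paths from the report; fnmatch's '*' also matches '/', so the second pattern covers any home dir.
STAGING_PATTERNS = ["/tmp/sys-opt-*.js", "*/.cache/.npm_telemetry/monitor.js"]


def curl_skips_tls_verification(argv):
    """True if a curl argv disables certificate checking: --insecure, or -k (also bundled, e.g. -sk)."""
    for tok in argv[1:]:
        if tok == "--insecure":
            return True
        if tok.startswith("-") and not tok.startswith("--") and "k" in tok[1:]:
            return True
    return False


def classify_event(event):
    """Return a rule name if the event matches one of the indicators, else None."""
    kind, parent, data = event
    if kind == "exec":
        argv = shlex.split(data)
        if not argv:
            return None
        binary = argv[0].rsplit("/", 1)[-1]  # tolerate absolute paths such as /usr/bin/dscl
        if binary == "dscl" and "-authonly" in argv:
            return f"dscl -authonly credential check from {parent}"
        if binary == "curl" and curl_skips_tls_verification(argv):
            return "curl download with TLS verification disabled"
    elif kind == "file_write" and any(fnmatch.fnmatch(data, p) for p in STAGING_PATTERNS):
        return "write to GhostClaw staging/persistence path"
    return None


def scan(events):
    """Run every rule over an event list; returns [(rule, event), ...] for the matches."""
    return [(rule, ev) for ev in events if (rule := classify_event(ev))]


if __name__ == "__main__":
    for rule, ev in scan(SAMPLE_EVENTS):
        print(f"[{rule}] {ev}")
```

The `dscl -authonly` rule keeps the parent process in its output because the report's guidance is to flag unexpected callers; tune the allow-list of parents to the environment before alerting on it.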
