AI-Powered OpenClaw Trap Lures Developers with GitHub Repos That Have Been Hacked

Netskope Threat Labs has found a huge malware campaign called "TroyDen's Lure Factory." The campaign spreads a custom LuaJIT info-stealer through more than 300 hacked GitHub repositories. Threat actors trick people into giving them their information by pretending to be highly sought-after tools, such as an OpenClaw AI deployer, gaming cheats, Roblox scripts, and phone-tracking utilities.

The campaign successfully compromises a wide range of targets across different communities by using polished fake repositories and fake social proof. The attack shows that more and more sophisticated malware infection vectors are being hosted directly on developer platforms. The huge size of this malicious operation strongly suggests that it used automated, AI-assisted malware creation. All of these versions use the same infrastructure, which can handle a lot of traffic.

Security analysts found that the command server has a single management panel that is hidden behind eight load-balanced IP addresses. The server endpoints even show signs of AI-assisted coding, with simple API routes for getting screenshots and sending out new malicious tasks. This operation shows a dangerous new trend in cybercrime: more than 300 confirmed delivery packages aimed at different groups of people.

Visit netskope.com for more information. Call the National Suicide Prevention Lifeline at 1-800-273-8255 or go to http://www.suicidepreventionlifeline.org/ for private help. If you need help in the UK, call the Samaritans at 08457 90 90 90, go to a local Samaritans branch, or click here.