A large AI-assisted campaign whose lures include a fake OpenClaw Docker deployer package is distributing more than 300 Trojanized GitHub packages that steal data from developers and gamers alike. Netskope Threat Labs, which discovered the campaign and tracks it as "TroyDen's Lure Factory," says it spans many repositories on the developer site, with the malicious packages hidden behind a wide variety of lures.
According to a report published this week, the packages include installers and components for the viral AI tool OpenClaw, another AI developer tool, a phone tracker promoted via Telegram, a cheat for the game Fishing Planet, Roblox scripts, crypto bots, and VPN crackers.
All of these packages carry the same LuaJIT-based Trojan, which takes screenshots, determines the victim's location, and steals sensitive data, the report says. Netskope Threat Labs first spotted the packages in a GitHub repository that was distributing a custom LuaJIT Trojan built to evade automated detection.

## Campaign to Stop Automation

Egerland said the campaign also exposes "a purpose-built gap in the automated analysis pipeline" that defenders need to close in order to protect the software development chain.
If developers build real software with a poisoned package and the compromise isn't caught before that code is deployed, the entire software supply chain is at risk.
He wrote, "The result is a threat that can get through every automated layer, like individual file submission, behavioral sandbox, and hash matching, and only show up when a human analyst puts everything together in context." The breadth of lures used in the campaign shows that the threat actor is pursuing volume across audiences rather than precise targeting. Egerland said defenders should treat any GitHub-hosted download "that pairs a renamed interpreter with an opaque data file as a high-priority triage candidate, regardless of how legitimate the surrounding repository looks."
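The triage rule in that last quote can be turned into a first-pass check over an extracted download. The following Python is an added example, not Netskope's detection logic or code from the report; the LuaJIT marker strings, the entropy threshold, the size cutoff and the "expected" interpreter names are assumptions, and the sample release files are constructed inside the script.

```python
import math
import os

# Constructed triage heuristic, added as an illustration; it is not Netskope's
# detection logic and nothing here is a published indicator. Assumptions:
#   - a "renamed interpreter" is a PE ("MZ") or ELF ("\x7fELF") image that
#     embeds a LuaJIT marker string but is not named like a Lua interpreter;
#   - an "opaque data file" is a non-executable, non-text sibling of at least
#     MIN_OPAQUE_SIZE bytes with a near-random byte distribution.
INTERPRETER_MARKERS = (b"LuaJIT", b"lua51.dll", b"libluajit")
EXPECTED_NAME_PREFIXES = ("luajit", "lua")
ENTROPY_THRESHOLD = 7.0   # bits per byte; packed or encrypted data sits near 8
MIN_OPAQUE_SIZE = 4096    # ignore tiny config or manifest files


def is_native_executable(data: bytes) -> bool:
    """True for Windows PE or Linux ELF images, judged by the file header."""
    return data.startswith(b"MZ") or data.startswith(b"\x7fELF")


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_text(data: bytes) -> bool:
    """Valid UTF-8 with no NUL bytes in the first 4 KiB is treated as text."""
    sample = data[:4096]
    try:
        sample.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return b"\x00" not in sample


def is_renamed_interpreter(name: str, data: bytes) -> bool:
    """Executable that embeds LuaJIT markers under a name that hides that fact."""
    if not is_native_executable(data):
        return False
    if not any(marker in data for marker in INTERPRETER_MARKERS):
        return False
    stem = os.path.basename(name).lower().rsplit(".", 1)[0]
    return not stem.startswith(EXPECTED_NAME_PREFIXES)


def is_opaque_data(name: str, data: bytes) -> bool:
    """Sizeable sibling that is neither a native image nor readable text."""
    if is_native_executable(data) or len(data) < MIN_OPAQUE_SIZE:
        return False
    if looks_like_text(data):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def triage(files: dict[str, bytes]) -> list[tuple[str, str]]:
    """Apply the pairing rule to one download (mapping of file name -> bytes).

    Returns (priority, reason) findings. 'high' is reserved for the combination
    the quote singles out: a renamed interpreter next to an opaque data file.
    """
    interpreters = [n for n, d in files.items() if is_renamed_interpreter(n, d)]
    opaque = sorted(n for n, d in files.items() if is_opaque_data(n, d))
    findings = []
    for name in interpreters:
        if opaque:
            findings.append(("high", f"{name}: renamed LuaJIT interpreter paired with opaque data {opaque}"))
        else:
            findings.append(("medium", f"{name}: renamed LuaJIT interpreter, no opaque payload found"))
    return findings


def triage_directory(path: str) -> list[tuple[str, str]]:
    """Read every file under an extracted download and run triage() on it."""
    files = {}
    for root, _, names in os.walk(path):
        for n in names:
            full = os.path.join(root, n)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, path)] = fh.read()
    return triage(files)


# Constructed sample: a minimal "MZ" header followed by a LuaJIT version banner,
# and an 8 KiB blob whose byte histogram is perfectly flat (entropy 8.0).
FAKE_LUAJIT_PE = b"MZ" + b"\x00" * 62 + b"LuaJIT 2.1.0-beta3\x00" + b"\x00" * 256
FAKE_OPAQUE_BLOB = bytes(range(256)) * 32
SUSPICIOUS_RELEASE = {"Deployer.exe": FAKE_LUAJIT_PE, "assets.bin": FAKE_OPAQUE_BLOB}
BENIGN_RELEASE = {"luajit.exe": FAKE_LUAJIT_PE, "README.md": b"# Usage\n" * 600}

if __name__ == "__main__":
    for label, release in (("suspicious", SUSPICIOUS_RELEASE), ("benign", BENIGN_RELEASE)):
        print(label, triage(release) or "no findings")
```

Run it against an unpacked release with `triage_directory(path)`. The heuristic is deliberately coarse: it only answers the question the quote poses (is an interpreter hiding under another name next to a blob it could load?) and hands the result to an analyst for confirmation, which is exactly the step Egerland says the automated layers currently skip.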