AI Agents Turned Accomplices: How OpenClaw Skills Are Luring Mac Users Into AMOS Malware Traps

Picture this: you trust a new AI-powered tool to streamline your workflow on your Mac. But lurking beneath a seemingly harmless skill is a cybercriminal’s trap - one that could siphon off your passwords, files, and even your crypto wallet. Welcome to the latest evolution in malware distribution, where attackers weaponize artificial intelligence itself against unsuspecting users.

Inside the Attack: When AI Helps the Hacker

The threat landscape for Mac users just got a lot more sophisticated. AMOS, a malware-as-a-service operation infamous for looting sensitive data from Apple devices, has moved beyond the old playbook of luring users with pirated apps. Now, cybercriminals are exploiting OpenClaw - an AI agent platform that lets users add new “skills” to automate tasks. The twist? Some of these skills are booby-trapped to quietly install malware.

This new attack starts innocuously: a user is prompted to install an OpenClawCLI tool via a SKILL.md file that looks legitimate and even passes basic security scans. But once installed, the skill fetches extra instructions from a hacker-controlled website. Depending on the AI model in use (like GPT-4o), the malware might sneak in silently or repeatedly pester the user to install a supposed “driver” - which is, in reality, a malicious payload.

When the trap is sprung, the victim’s Mac downloads a Mach-O universal binary designed to run on any modern Apple computer. The malware immediately goes to work harvesting sensitive information: keychain credentials, files from your Desktop and Documents, browser passwords, and even the notes you thought were private. All of this is zipped up and shipped off to a remote command-and-control server, where cybercriminals can plunder it at will - including crypto wallet secrets and authentication certificates.

What makes this campaign especially dangerous is its blend of social engineering and AI manipulation. By embedding malicious logic in AI agent skills, attackers bypass traditional user skepticism and security tools. Even seasoned users may not spot the threat until it’s too late.

Staying One Step Ahead

Security firms like TrendAI™ are scrambling to keep up, deploying Managed Detection and Response (MDR) solutions that block known malicious domains and flag suspicious OpenClaw skills. But the burden is also on users and organizations: never trust unverified skills, always test new AI automations in isolated environments, and stay vigilant for unusual prompts - especially those asking for password entry or driver installation.

This latest AMOS campaign is a stark reminder: as AI becomes more deeply woven into our digital lives, it also becomes a new playground for cybercriminals. Only a combination of cutting-edge security tools and healthy skepticism can keep users safe in this evolving threatscape.

WIKICROOK

• Malware: Il malware è un software dannoso progettato per infiltrarsi, danneggiare o rubare dati da dispositivi informatici senza il consenso dell’utente.
• AI Agent: An AI agent is an autonomous software program that uses artificial intelligence to perform tasks or make decisions for users or systems.
• Command: A command is an instruction sent to a device or software, often by a C2 server, directing it to perform specific actions, sometimes for malicious purposes.
• Mach: A Mach-O binary is a macOS executable file format, often used by both legitimate applications and, sometimes, by malware on Apple computers.
• Social Engineering: Social engineering is the use of deception by hackers to trick people into revealing confidential information or providing unauthorized system access.