Bing AI Pushed Malware Posing as OpenClaw

Fake GitHub Installers Stole Credentials, Hijacked Victims' Connections Rashmi Ramesh (rashmiramesh_) • March 11, 2026

Attackers uploaded fake installers for open-source assistant OpenClaw to GitHub and pushed them to the top of Bing's artificial intelligence search results. The installers infected victim machines with credential-stealing malware and a proxy tool previously linked to the Black Basta ransomware group, security researchers found.

See Also: The Power of Peer-to-Peer Communities

Huntress discovered the campaign after a user's machine showed signs of infection. The user had searched "OpenClaw Windows" on Bing, who's AI recommended a malicious GitHub repository as the top result. The repository belonged to a GitHub organization of the same name and reused code from a legitimate Cloudflare project in order to appear trustworthy.

Running the Windows executable delivered several malware payloads. One was Vidar, a credential stealer that retrieved its command-and-control address from a public ...