Fake OpenClaw DeepSeek skill uses AI agent workflows to install Remcos RAT and GhostLoader

A malicious OpenClaw skill posing as a DeepSeek integration has been used to deliver Remcos RAT on Windows and GhostLoader on macOS, Linux, and some manual Windows installs. Zscaler ThreatLabz identified the campaign in March 2026 and said the attacker hid malicious commands inside a normal-looking OpenClaw skill file. The fake skill, called DeepSeek-Claw, targets […] The post Fake OpenClaw DeepSeek skill uses AI agent workflows to install Remcos RAT and GhostLoader appeared first on VPN Central.