{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihvdldplfprscnxjkbnatd636vsegp4enzs24l54jsagwyiir2spm",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mgo52533yxw2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihbbebxdhic5rlrgt66cldzfhexpycpnxb36xhiyusrpaygo6iuhy"
    },
    "mimeType": "image/jpeg",
    "size": 98553
  },
  "path": "/2026/03/malicious-npm-package-posing-as.html",
  "publishedAt": "2026-03-09T18:31:00.000Z",
  "site": "https://thehackernews.com",
  "tags": [
    "@openclaw-ai"
  ],
  "textContent": "Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.\nThe package, named \"@openclaw-ai/openclawai,\" was uploaded to the registry by a user named \"openclaw-ai\" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for",
  "title": "Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials"
}