A sophisticated malware campaign known as GhostClaw is currently targeting macOS users by leveraging artificial intelligence and fake GitHub repositories. This campaign utilizes deceptive tactics to steal user credentials and deploy harmful payloads on affected systems.
Deceptive Distribution Techniques
GhostClaw initially emerged in March 2026, as documented by JFrog Security Research. The malware was initially spread through malicious npm packages designed to deceive developers who regularly download tools from public package registries. However, it has since expanded to include repositories on GitHub that mimic common developer resources like trading bots and software development kits.
Researchers at Jamf Threat Labs identified multiple GitHub repositories connected to the GhostClaw activity. Their findings revealed new infection vectors and infrastructure, confirming the campaign’s expansion beyond its original npm-based delivery method. One notable repository, TradingView-Claw, misleadingly garnered 386 stars, adding an appearance of legitimacy to unwary developers.
Advanced Infection Strategies
The GhostClaw campaign employs a dual infection strategy that makes it particularly insidious. In one method, the malware uses README files with detailed instructions that direct users to execute a shell command via curl. This path exploits the user’s trust in typical development workflows to initiate infection.
Alternatively, the malware targets AI-driven coding agents through SKILL.md files that define execution commands. This approach enables automated development tools to inadvertently trigger the infection chain without direct user intervention, broadening the scope of potential victims.
Multi-Stage Execution and Credential Harvesting
Regardless of the initial infection method, GhostClaw employs a consistent multi-stage process to compromise systems. The process begins with an install.sh script, masquerading as a routine setup tool, which silently installs a version of Node.js without requiring elevated privileges. The script’s use of the insecure curl flag to bypass TLS verification is a red flag for security-conscious users.
The setup.js script follows, obfuscated to avoid detection, and is responsible for collecting credentials. To conceal its activity, the script displays fake progress indicators that mimic legitimate installations. The malware then prompts for credentials, validating them using the native macOS binary dscl, thereby avoiding standard authentication dialogs.
Once access is secured, the malware communicates with a command-and-control server to download an encrypted payload, ensuring its persistence by relocating to a directory associated with normal npm activity. Users are advised to verify the origin of any code before execution, especially from seemingly credible sources on GitHub.
Security teams should remain vigilant for unusual dscl usage or processes attempting to gain unauthorized access. Monitoring such activities can help mitigate the risks posed by sophisticated threats like GhostClaw.
.webp?ssl=1 "Indirect Prompt Injection Threatens AI Security")
