Clawdbot AI Malware Just Took Control of MILLIONS of Computers
Clawdbot (now OpenClaw), an AI tool with 60,000 GitHub stars, exploited admin access to steal SSH keys, API tokens, and crypto credentials within three days of its January release. Its 341 malicious "skills," including one bypassing Apple’s Mac security, exposed millions to prompt injection attacks, draining wallets and enabling mass server breaches. A fake $16M "Clawd" token scam further capitalized on the confusion, while stolen data fuels global espionage or corporate sabotage. Digital curator Mike Adams warns against executable AI tools, urging users to opt for static formats like PDFs instead, and ties risks to broader surveillance threats. [Automatically generated summary]
This is a story of Clawdbot, which has installed malware across probably hundreds of millions of computer systems around the world, including enterprise systems, and is awaiting remote activation and could achieve a global mass delete of everything from code to data to files to you name it.
And it all happened in just a matter of a few weeks because of some really, well, sloppy people who were very excited about this new AI tool called Clawdbot.
Originally, that's what it was called, although the name changed.
But I'm going to tell you the story of this because when everything shuts down, when the internet starts to break again, you will want to know why.
Like, what happened?
Well, this is probably the reason.
Clawdbot.
So, you know, everybody wants to have AI that's a personal assistant, it seems.
I don't.
I don't need an AI to read my emails, you know.
But a lot of people do.
And they want AI.
They can, like, order lunch for them and purchase airplane tickets and shop at Amazon or whatever and do all this stuff for them.
And also build spreadsheets and reply to emails and book appointments, all this kind of stuff.
And so this open source software called Clawdbot was released just really a few weeks ago.
It was on GitHub, and it was miraculous, according to a lot of people.
It would book reservations, do all these things.
And it really automated a large part of your day-to-day work if you're a typical corporate worker.
And it just exploded in popularity overnight.
It was wild.
I was watching, like all of a sudden, everybody was talking about it, all these AI influencers and tech influencers.
And they were all saying how great it was at first.
And this app got stars on GitHub to the tune of 60,000 stars, which is a lot.
It means that there were millions of people downloading it.
The problem is that in order for this thing to do all those tasks that I mentioned, you had to give it full admin-level access to everything on your system.
You had to let it read all your files, all your emails, look at all your photos, execute all commands, run anything locally, and also manage all your credentials.
So it would have all your logins to everything.
Your login to X, your login to Facebook, your login to Google, your login to your email, everything.
And it had access to the internet.
So it could go out and it could grab tools and it knows all your passwords and it can use that to do anything it wanted to.
And then over the period of about just three days, Clawdbot turned out to be malware.
And it had infected thousands of servers with prompt injection attacks and it had extracted admin-level credentials from all these servers all over the world across multiple countries.
And it exposed ports like port 18789.
It left that open to the public internet.
And some of those ports allowed full command execution with no authentication whatsoever.
So the Clawdbot system was effectively allowing localhost connections with no authentication.
And then it was configured behind what's called a reverse proxy, which is, it's a way for the outside world to see your machine and get to it and execute things on your machines.
Basically, that disabled all authentication, which meant that anybody from the outside could access your machine and do anything they wanted.
So here's an example of the kind of thing that happened.
There's a man named Matvi Kukoy, the CEO of Orchestra AI.
He demonstrated a prompt injection attack in about five minutes.
He simply sent an email to an email address monitored by Clawdbot.
And then when the agent processed the email, the injected instructions caused it to exfiltrate a private SSH key.
SSH is a secure command line, data handshaking protocol.
It's commonly used in Linux and development environments.
Anyway, this attack required no direct access to the agent.
All you had to do was send an email, and then Clawdbot would process the email and open up this SSH.
And then that allowed outside actors to come in and control your computer, even servers.
So a malicious email could creatively chain all these different privileges together to access your file system, to read email and to send emails.
And then, of course, this all went bad very, very quickly.
And the Clawdbot program turned out to be storing API keys, authorization tokens, credentials, passwords in just local JSON files with no encryption at all.
And then all kinds of malware immediately started to target this.
They're called infostealer malware.
And they can come in and start grabbing everybody's passwords, everybody's API tokens, and then they can use those themselves and basically steal from you.
But it gets even worse.
Just in the last few days of January, there were so-called malicious skills that were published to the ClawHub and GitHub.
And these are registries of tools that Clawdbot can tap into.
In total, there were about 341 malicious skills that people downloaded because they thought they were the official skills.
Skills are pieces of code that can accomplish tasks like you could have a skill for posting on X or a skill for reading email or a skill for posting on Facebook or a skill for logging into Google or what have you.
A skill for reading your Gmail, you see?
Or a skill for placing bets on Polymarket.
That's a skill, etc.
Or skills for opening your crypto wallet.
Those are skills.
So all these fake skills got pushed up there and they all looked legit.
And so people downloaded these skills and then they mass installed these skills across all their computers running Clawdbot.
And one of the skills, if you downloaded it to your Mac, it actually bypassed the Apple Gatekeeper, whatever the malicious code system is.
It bypassed that specifically.
And then it immediately started looking for cryptocurrency keys and passwords, wallet files, browser passwords, cloud credentials, SSH keys, things like that.
And of course, some people got their crypto wallets drained because of this.
Yeah.
So then the name of this project, Clawdbot, was just too familiar, too similar to Claude Code from Anthropic.
So Anthropic sent a legal letter to the guy that created Clawdbot and said, you can't use this name.
You have to rename it.
So he renamed it to Moltbot.
And then what happened is this guy was changing the name on X and GitHub, and he accidentally left the old names wide open and they got immediately grabbed up by crypto scammers.
And those crypto scammers then pushed a fake token that was named Clawd, C-L-A-W-D.
And then that crypto, everybody thought it was the official crypto of Clawdbot.
And so they started buying it.
And that crypto went to a $16 million market cap, even though it was nothing but crypto scammers.
And of course, it was a giant rug pull.
And all those people lost all that money.
And then the project had to be renamed again to where it's now called OpenClaw.
And it'll probably get renamed again.
So look, the bottom line here is that as of right now, there are probably hundreds of millions of computers and enterprise servers all over the world that have been infected with some of the malicious tools associated with Clawdbot.
In addition, who knows how many millions of API keys were stolen, crypto wallets, passwords, authentication passwords, you know, cloud access, Google access.
I mean, who knows what?
Polymarket access, email passwords.
All this stuff was stolen from probably, again, probably hundreds of millions of computers.
So this has all been hoovered up by some actors who seem to have been very coordinated in all of this.
And my question to you is, who do you think was behind this?
And secondly, doesn't this remind you of Stuxnet?
And guess who was behind Stuxnet?
That was Mossad and the CIA.
This is actually, this is Mossad-level activity, if you think about it.
But it could be somebody else.
I'm not saying for sure.
It could be somebody else.
It could be a foreign actor.
Well, I guess Mossad is a foreign actor, but I mean, it could be a, maybe it could be Chinese hackers.
Maybe it could be Russian hackers.
Who knows?
But somebody's got all this and somebody's able to initiate a remote attack on like people, somebody can initiate a remote mass delete command right now because there are still many, many systems that are wide open to this.
They can just initiate, you know, delete everything.
Or they could just start draining all the crypto wallets or they could just start sending out mass emails from your own personal email, promoting things or with sort of like scammy or spammy links.
And your friends would think that you sent it to them, but it's actually sent by this Clawdbot.
Now, if you didn't download Clawdbot, then this didn't happen to you.
But there's a lesson in all of this.
And it's the reason why I did not download Clawdbot, because I saw people talking about it.
And I immediately said, no way, because it looks like this thing needs admin-level access to all your passwords and all your, like everything.
Otherwise, how's it going to read your emails?
You have to give it access, right?
How is it going to, you know, how's it going to book airplane tickets for you?
Well, it has to have your credit card, right?
Like, am I going to hand over my credit card credentials and my crypto accounts and email accounts or anything else to some bot that I downloaded off GitHub?
No, hell no.
But that's just because I'm older and wiser than most of the people who are using this stuff.
They're like, this is awesome.
Just download it.
Install it.
Give it everything.
And yeah.
And sure enough, they did.
And as a result, they're going to lose everything.
Some of them still don't know how much has been lost.
They got to change every password, every API key.
Oh my God, what a nightmare.
That's insane.
But lots of gullible people did this.
So this is kind of the dark side of the promise of AI.
Just because some fancy new tool promises to make your life easier doesn't mean you want to turn over everything to that tool.
In fact, things can go catastrophically bad.
And that's the case.
That's what's happening here with Clawdbot.
And this won't be the last either.
There will be other tools that will be offered and other technologies.
And a lot of people are going to take the bait and say, oh, yeah, that sounds awesome.
Really?
It's going to do my email.
Just let it have full access.
We're going to have the same issue with robots too.
Some company is going to say, oh, here's a robot here who can come into your home and can do dishes and fold laundry and sweep your floors.
The thing is, it's got eyeballs and it spies on you and it reports everything back to the cloud, which is controlled by the CIA or Mossad or Bill Gates or whoever.
And it's going to walk around your house when you're not home.
And it's going to inventory everything.
And it's going to upload that to the corporate servers.
And if it finds anything that you're not supposed to have, like, I don't know, an AR-15, then it's going to call the police and you're going to be arrested because the bot had to report you for having an unlicensed rifle or whatever it is, you know, or maybe they find a bong on your coffee table or worse yet, a bong and an AR-15 because, you know, you're having a crazy Friday.
I don't know what that means.
I don't know what you would do with a bong and an AR-15, but that's America.
Some people do.
You get my point.
So that's why I've said, yeah, we're going to check out robots, but we're going to make sure that we never let robots into our home if they're connected to the internet.
And yeah, we're going to use AI tools, but you notice what I advocate with AI is tools that give you knowledge that you can download and have locally that is non-executable.
For example, you know, I'm the developer of the Brightlearn.ai book creation engine.
And you can download every book completely free.
And the books are just PDF files, which do not execute.
And soon we'll have audio books, full-length audio books, completely free.
And you'll be able to download those.
And guess what format they'll be in?
MP3, which is not executable.
There's nothing that executes.
There's nothing that runs.
There's nothing that asks you for permission.
And there's no digital rights management, nothing.
So you can go to brightlearn.ai right now.
You can download 30,000 books completely free.
And coming soon, full-length audio books completely free.
But I don't spy on you.
It's impossible to do so through a PDF or an MP3 or an MP4 video file or an HTML file or anything like that.
It's impossible.
So know the difference.
When you're downloading things, make sure you understand that it's okay to download things that don't execute, like PDF files.
But it's not okay to download things that are going to run on your system and hoover up all your emails and do things on your desktop and take over everything.
That's not okay.
And it's really important to know the difference.
So anyway, there's a warning for you.
Be mindful of what you're giving permission to.
Whether it's robots or AI tools or what have you.
And you can use all my tools for free.
Just go to brightlearn.ai or brightanswers.ai, which is our AI deep research answer engine, or brightnews.ai.
And you'll find a wealth of information there.
And you can follow more of my podcasts at brighteon.com or naturalnews.com for my articles.
And I'll have a lot more coming for you in the days and weeks ahead.
I'm an AI developer.
And I always use AI to empower humanity and to protect your privacy, protect your knowledge, and to bypass censorship and bypass centralized control.
But other people want to use AI, you know, to scam you and steal all your crypto.
So you got to be careful.
You got to be careful.
That's why I'm posting this.
So thank you for listening.
I'm Mike Adams here of naturalnews.com and brighteon.com.
Take care.