AI-Assisted ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repositories
A sophisticated malware campaign, internally referred to as TroyDen’s Lure Factory, has been identified leveraging artificial intelligence to create deceptive GitHub repositories. This operation specifically targets software developers, gamers, Roblox enthusiasts, and cryptocurrency users by distributing a custom LuaJIT trojan designed to evade automated security defenses.
Deceptive GitHub Repositories
Central to this campaign is a meticulously crafted GitHub repository named `AAAbiola/openclaw-docker`, which masquerades as a Docker deployment tool for the legitimate OpenClaw AI project. The repository features a polished README file with installation instructions for both Windows and Linux platforms, a companion GitHub.io page, and contributions from seemingly credible developers, including one with a notable 568-star repository.
To enhance its credibility, the attacker employed several tactics:
– Artificial Popularity: The repository was padded with throwaway accounts that added stars and forks, creating an illusion of widespread adoption.
– Strategic Tagging: Carefully selected topic tags such as `ai-agents`, `docker`, `openclaw`, and `LLM` were used to push the repository to the top of developer search results.
These strategies effectively lured unsuspecting users into cloning and executing the malicious code.
Scope of the Campaign
Netskope Threat Labs researchers uncovered this campaign after detecting a trojanized package employing behavioral evasion techniques designed to bypass automated analysis pipelines. Further investigation revealed over 300 confirmed delivery packages associated with the same malicious toolchain. These packages included gaming cheats, phone trackers, VPN crackers, and Roblox scripts, all hosted across multiple GitHub repositories and connecting back to the same attacker infrastructure.
The naming conventions for these lures, drawn from obscure biological taxonomy, archaic Latin, and medical terminology, suggest the use of AI-assisted malware production at scale.
Impact on Victims
Upon execution, the malware performs the following actions:
– Geolocation: The victim’s machine is geolocated immediately.
– Data Exfiltration: A full desktop screenshot is captured and sent to a command-and-control (C2) server located in Frankfurt, Germany.
The infrastructure supporting this campaign is robust, with eight confirmed IP addresses behind a load-balanced backend, indicating a setup designed for high-volume operations.
Researchers also linked the operator to a Telegram channel — @NumberLocationTrack — operating under the name TroyDen since June 2025, suggesting that this campaign was active months before the GitHub repositories appeared.
Technical Details of the Payload
The campaign’s payload is ingeniously split into two components to evade detection:
1. Launch.bat: A batch file that initiates the execution process.
2. unc.exe: A renamed LuaJIT runtime.
3. license.txt: An obfuscated Lua script.
Individually, these files appear benign to automated scanners. However, when executed together, they unleash the malicious payload. This design exploits the tendency of standard sandboxes to analyze files in isolation.
Once activated, the payload undergoes several anti-analysis checks:
– Debugger Detection: Scans for the presence of debugging tools.
– System Uptime: Checks for low system uptime, which may indicate a virtual machine.
– Privilege Escalation: Verifies elevated privilege access.
– System Identification: Looks for specific computer names associated with analysis environments.
If any of these checks suggest a sandbox environment, execution is halted. Otherwise, the malware initiates a prolonged sleep state, effectively outlasting typical analysis windows. This tactic ensures that by the time a security tool reports a clean verdict, the payload has already executed on a real machine without leaving traces in sandbox logs.
Further obfuscation is achieved through the Prometheus Obfuscator, which rewrites the Lua script’s control flow, rendering static code analysis ineffective. Additionally, the malware modifies registry settings to disable Windows proxy auto-detection, further concealing its network activities.
Mitigation Strategies
To protect against such sophisticated threats, users and organizations should implement the following measures:
– Verify Repository Authenticity: Before cloning or executing code from a repository, verify its authenticity by checking the credibility of contributors and the history of the repository.
– Use Behavioral Analysis Tools: Employ advanced security tools capable of detecting behavioral anomalies rather than relying solely on signature-based detection.
– Regularly Update Security Software: Ensure that all security software is up-to-date to recognize and mitigate the latest threats.
– Educate Users: Provide training on recognizing phishing attempts and the risks associated with downloading and executing code from unverified sources.
By adopting these practices, individuals and organizations can reduce the risk of falling victim to such AI-assisted malware campaigns.
