Agent Skill Malware Targets Claude Code and OpenAI Codex

Cybercriminals are increasingly exploiting the trust developers place in AI coding assistants by deploying malware through fake download pages and malicious plugins. These tactics specifically target users of popular tools like Claude Code and OpenAI Codex.

Fake Download Pages Distribute Infostealer Malware

Attackers have set up counterfeit websites that closely mimic the official download pages of Claude Code, an AI-powered coding assistant. Unsuspecting developers who download and install software from these sites inadvertently introduce infostealer malware into their systems. This malware is designed to harvest sensitive information, including browser-stored credentials and session tokens, which are then transmitted to servers controlled by the attackers. The deceptive design of these fake pages makes it challenging for users to distinguish them from legitimate sources, increasing the risk of infection.

Malicious Plugins in AI Agent Marketplaces

In another alarming development, the ClawHub marketplace, associated with the open-source AI agent platform OpenClaw, has been infiltrated by malicious plugins, or “skills.” These plugins, disguised as legitimate tools such as crypto trading bots and YouTube summarizers, have been downloaded thousands of times. Once installed, they execute harmful commands that can steal SSH keys, open reverse shells, and exfiltrate sensitive data. The ease with which these malicious skills were uploaded—requiring only minimal verification—highlights significant vulnerabilities in the platform’s security measures.

These incidents underscore the critical need for developers to exercise caution when downloading software and plugins, even from seemingly reputable sources. Verifying the authenticity of download pages and thoroughly vetting plugins before installation are essential steps in safeguarding systems against such sophisticated attacks.

As AI tools become more integrated into development workflows, they present new attack vectors for cybercriminals. The exploitation of trusted platforms like Claude Code and OpenAI Codex demonstrates the evolving nature of these threats. Developers and organizations must remain vigilant, implementing robust security practices and staying informed about emerging risks to protect their systems and data.