New “OpenClaw” npm Malware Hijacks Macs to Steal Passwords and Crypto
Software developers and Mac users are facing a dangerous new threat hidden inside a popular coding registry. Security experts have sounded the alarm on a fake package found on the npm registry that pretends to be a helpful AI tool called OpenClaw. In reality, this “poisoned” code is a sophisticated trap designed to strip a computer of its most private data, from saved passwords and text messages to cryptocurrency wallets and cloud access keys.
A Professional-Looking Trap for Developers
The attack began on March 3, 2026, when a user named “openclaw-ai” uploaded a package called @openclaw-ai/openclawai to the npm registry. To an unsuspecting developer, it looked like a standard installation. However, once a user tries to install it, the malware kicks into gear using a “postinstall hook.” This is a script entry in the package manifest that npm runs automatically the moment the download finishes, so the malicious code executes without the user ever launching anything.
What makes this specific attack so dangerous is how much effort the hackers put into the “user experience.” Usually, malware runs silently in the background, but this package creates a fake command-line interface. While the malware is actually digging through your files, your screen shows professional-looking progress bars and animations that make it look like a legitimate installation is happening. This clever bit of social engineering is designed to lower the victim’s guard.
Tricking You Into Giving Up Your System Password
The deception doesn’t stop with a fake loading screen. Once the “installation” is supposedly done, a window pops up on the Mac asking for an iCloud Keychain authorization. It looks exactly like a standard Apple system prompt. Most users, thinking the new software just needs permission to sync, will type in their system password.
By doing this, the user unknowingly hands over the keys to their entire digital life. With that password, the malware—which the creators call “GhostLoader”—can unlock the macOS Keychain. This database holds almost every password the user has saved, including credit card details and login credentials for websites.
Total Access to Your Private Conversations and Files
If the malware finds that it doesn’t have enough permission to see certain files, it doesn’t give up. It specifically targets “Full Disk Access” on macOS. If it’s blocked, it pops up a fake AppleScript window with step-by-step instructions, “helpfully” guiding the user on how to go into their System Settings and grant the terminal more power.
Once a user follows these instructions, the malware gains a terrifying level of access. It can read through your iMessage history, look at your private Apple Notes, and browse through your Mail configurations. It even scans your Safari browsing history. All of this personal information is bundled up into a compressed file and sent off to the hackers’ servers.
A “Ghost” That Never Leaves Your Computer
The most advanced part of this attack is the persistent Remote Access Trojan (RAT). This isn’t a one-time theft; the malware stays on the computer to keep spying. It enters a “daemon mode,” which means it runs in the background every time you turn on your Mac. Every three seconds, it checks your clipboard. If you copy a password, a Bitcoin address, or an AWS cloud key, the malware instantly recognizes the pattern and sends it to the attackers.
Furthermore, the hackers can control the infected Mac remotely. They can turn the computer into a proxy to hide their own internet traffic, download additional malware, or even use a “headless” browser. This last feature is particularly scary: the attacker can launch a hidden version of Chrome or Edge that reuses your existing logged-in “session.” This means they can access your Gmail, bank, or social media accounts without needing your password or even a two-factor authentication code, because the websites think it’s still you.
How to Stay Safe
This discovery by JFrog researchers highlights a growing trend of “supply chain attacks,” where hackers hide their tools inside the very building blocks developers use to make software. To stay safe, experts recommend always double-checking the author of an npm package and being extremely skeptical of any software that asks for your system password or Full Disk Access immediately after installation.
