- What: Malicious GitHub repository delivers Trojan
- Impact: Potential risk for developers and users
GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats.

Elizabeth Montalbano, Contributing Writer
March 24, 2026
4 Min Read

Source: Koshiro K via Shutterstock

A widespread AI-assisted campaign promoting an OpenClaw Docker deployer package is spreading more than 300 Trojanized GitHub packages, targeting developers and gamers alike with a data-stealing Trojan.

Identified by Netskope Threat Labs, the campaign, tracked as "TroyDen's Lure Factory," operates across multiple repositories on the developer site and includes various packages hiding behind a plethora of lures. They include software and components to enable deployment of the viral AI tool OpenClaw, another AI developer tool, a Telegram-promoted phone tracker, a Fishing Planet game cheat, Roblox scripts, crypto bots, and VPN crackers, according to a report published this week.

The common thread of these various packages is that lurking within them is a LuaJIT-based Trojan that captures screenshots, performs victim geolocation, and exfiltrates sensitive data, according to the report.

Netskope Threat Labs first discovered the packages in a GitHub repository distributing a custom LuaJIT Trojan engineered to evade automated detection.

"The repository impersonated a Docker deployment tool for a legitimate AI project to deploy containerized OpenClaw, using the real upstream repository, a polished README, and a github.io page to appear authentic," Netskope senior staff threat research engineer Vini Egerland wrote in the post.
Using OpenClaw as a Lure

The project intends to target users seeking easy installations of the OpenClaw project, with a README "that is polished and detailed, with installation instructions for both Linux and Windows" to reinforce a false legitimacy, Egerland wrote.

In fact, attackers took great pains to make the repository look real. They list multiple contributors, including a developer with a 568-star repository of their own who was invited to collaborate during a private pre-launch phase, Egerland explained. And that developer even contributed functional code, "possibly in good faith," he wrote.

Further investigation found other packages from the same creator hosted across multiple GitHub repositories, with more than 300 confirmed poisoned packages targeting developers, gamers, and the general public simultaneously.

Netskope informed GitHub on March 20 of the malicious projects and related packages, and two of the repository lures remain active on the site: the "Fishing Planet Cheat Menu" and the "phone-number-location-tracking-tool." GitHub could not immediately be reached for comment.

Payload and AI Assist

The LuaJIT payload used in the campaign has a two-component design: a renamed Lua runtime paired with an encrypted script. Each component passes sandbox analysis when either file is submitted alone, according to Netskope.

"The threat only emerges when both components execute together, resulting in five anti-analysis checks, a sleep delay of roughly 29,000 years to defeat timed sandboxes, an immediate full-desktop screenshot exfiltrated as soon as it executes, and credential theft behaviour," Egerland wrote.

Once activated, the malware quickly exfiltrates collected data to a command-and-control (C2) server in Frankfurt. The malware also embeds credential-theft capabilities, indicating potential for follow-on compromise and lateral movement, Egerland noted.
As in other threat campaigns observed recently, the attackers appear to have used AI to help them develop the campaign. Netskope observed evidence of this in the malicious package lure names, which refer to obscure biological taxonomy, archaic Latin, and medical terminology applied systematically at scale.

Indeed, the campaign underscores a critical shift toward attacker use of operational AI to build scalable, automated lure ecosystems, marking a transition from isolated threats to a continuously generated, adaptive attack process, Egerland noted.

Automation-Busting Campaign

The campaign also represents "a purpose-built gap in the automated analysis pipeline" that requires defenders to go beyond automation to ensure the software development chain is protected, Egerland said. Indeed, the entire software supply chain is at risk if developers use a poisoned package to build legitimate software and it is not detected before the code is put into an operational environment.

"The result is a threat designed to pass every automated layer — individual file submission, behavioral sandbox, hash matching — and surface only when a human analyst runs everything together in context," he wrote.

Indeed, the sheer breadth of the lures used in the campaign indicates the threat actor is aiming for volume across audiences rather than precision targeting. This means that all defenders should treat any GitHub-hosted download "that pairs a renamed interpreter with an opaque data file as a high-priority triage candidate, regardless of how legitimate the surrounding repository looks," Egerland noted.

A comprehensive list of IOCs related to the campaign, including hashes, endpoint patterns, and offending GitHub accounts, is included in the report.
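A defender-side triage heuristic for the pattern Egerland describes (a renamed interpreter shipped beside an opaque data file), added here as an example and not code from Netskope or the report; the runtime marker strings, the entropy threshold and the sample repository contents are constructed assumptions.

```python
"""Triage heuristic for the pattern Netskope describes: a renamed script
runtime shipped next to an opaque (encrypted) data file. Constructed
example; markers, thresholds and the sample repo are assumptions."""
import math
from collections import Counter

# Strings a script runtime typically carries in its binary (assumption).
RUNTIME_MARKERS = (b"LuaJIT", b"lua51", b"python3", b"node.exe")
# Magics of file types that look opaque but are not suspicious on their own.
KNOWN_MAGIC = (b"MZ", b"\x7fELF", b"PK\x03\x04", b"\x1bLJ", b"\x89PNG", b"%PDF")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8.0 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_renamed_interpreter(name: str, data: bytes) -> bool:
    """PE image that embeds a runtime marker but whose file name does not
    say so (e.g. 'deploy.bin' that is really a LuaJIT executable)."""
    if data[:2] != b"MZ":
        return False
    hits = [m for m in RUNTIME_MARKERS if m in data]
    return bool(hits) and not any(m.decode().lower() in name.lower() for m in hits)


def is_opaque_blob(data: bytes, min_size: int = 256, threshold: float = 7.2) -> bool:
    """High-entropy file with no recognised magic: likely encrypted or packed."""
    return (len(data) >= min_size and not data.startswith(KNOWN_MAGIC)
            and shannon_entropy(data) > threshold)


def triage(repo_files: dict[str, bytes]) -> list[tuple[str, str]]:
    """Return (interpreter, blob) pairs a human analyst should run together."""
    interps = [n for n, d in repo_files.items() if is_renamed_interpreter(n, d)]
    blobs = [n for n, d in repo_files.items() if is_opaque_blob(d)]
    return [(i, b) for i in interps for b in blobs]


# Constructed stand-in for a repository checkout (not real malware bytes).
SAMPLE_REPO = {
    "README.md": b"# OpenClaw Docker deployer\nRun deploy.bin to start.\n" * 4,
    "deploy.sh": b"#!/bin/sh\ndocker compose up -d\n",
    "deploy.bin": b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"LuaJIT 2.1" + b"\x00" * 200,
    "config.dat": bytes(range(256)) * 4,  # max-entropy stand-in for the encrypted script
}
```

Running `triage(SAMPLE_REPO)` flags the `deploy.bin` + `config.dat` pair while leaving the README and shell script alone; either file submitted on its own would not trip the check, which is exactly why the pair, not the parts, is the triage unit.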
About the Author

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.