GitHub Phishing Uses Fake OpenClaw Tokens to Drain Wallets
🔒 Threat actors are exploiting interest in OpenClaw with a GitHub phishing campaign that lures developers with fake 'CLAW' token airdrops promising thousands of dollars. Attackers open issues, tag developers, and redirect victims to cloned sites that prompt users to connect their crypto wallets. Researchers at OX Security found obfuscated wallet‑stealing code and a C2 server used to collect addresses and drain funds. Recommended actions include blocking the phishing domain and revoking suspicious wallet approvals.
