Domenica 05 Luglio 2026 17:43:16 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContatti
ItalianoEnglishArabic

Malware & Botnets

Botnet Goldmine: Tens of Thousands of OpenClaw AI Agents Left Wide Open for Global Hijack

Published: 10 February 2026 11:37Category: Malware & BotnetsAuthor: TRUSTBREAKER

Subtitle: A critical misconfiguration in OpenClaw AI bots exposes users worldwide to remote takeover, identity theft, and financial loss.

Imagine a world where not just your files, but your digital alter-ego-an autonomous AI agent-can be hijacked by anyone with an internet connection. That’s not a dystopian fantasy: it’s happening right now, as over 15,200 OpenClaw AI control panels have been left swinging in the digital breeze, fully exposed for attackers to seize and exploit.

The Anatomy of a Cybersecurity Catastrophe

OpenClaw, an open-source framework previously known as Clawdbot and Moltbot, powers “agentic” AI bots that do much more than just sit idly-they execute real-world tasks, from managing files to sending messages across platforms like Telegram or Discord. But a disastrous default setting left these agents listening on 0.0.0.0, meaning anyone, anywhere, could connect-no hacking skills required.

The STRIKE Threat Intelligence Team at SecurityScorecard used internet-wide scanning and favicon fingerprinting to uncover the scale: 42,900 unique IPs running OpenClaw panels in 82 countries. Over 15,200 were found with full system access and, in many cases, weak or absent passwords.

This isn’t just about data theft. When an attacker compromises an OpenClaw agent, they inherit its powers. That means instant access to sensitive API keys, OAuth tokens, SSH keys, and even the ability to impersonate the victim across messaging platforms. In some cases, bots can automate draining of crypto wallets or hijack browser sessions for financial gain.

Adding fuel to the fire: a major Remote Code Execution flaw (CVE-2026-25253, CVSS 8.8) lets an attacker steal authentication tokens with a single malicious link-no interaction needed. To make matters worse, nearly 80% of exposed bots are running outdated forks under old names, rarely updated or patched. Many are hosted on major cloud providers, where insecure deployment templates perpetuate the vulnerability across new installations.

The Double-Edged Sword of Agentic AI

Unlike a compromised website, a hijacked AI agent acts with the victim’s authority. Attackers could build sprawling botnets, spread ransomware, or orchestrate identity theft at scale. This isn’t AI hype-it’s exposed digital infrastructure with real-world consequences.

What Now? Steps to Contain the Damage

Experts urge immediate action: reconfigure OpenClaw to bind only to 127.0.0.1 (localhost), enforce strong passwords, update all instances, and scan for exposed panels. Cloud providers must audit and fix deployment templates, while developers should abandon risky default settings. The lesson is clear: powerful tools demand responsible deployment-or the cost is global chaos.

Conclusion

The OpenClaw debacle is a stark warning for the future of agentic AI. As we entrust more to autonomous bots, security missteps don’t just risk data-they risk the very actions and identities of users worldwide. The line between innovation and catastrophe has never been thinner.

WIKICROOK

  • Remote Code Execution (RCE): Remote Code Execution (RCE) is when an attacker runs their own code on a victim’s system, often leading to full control or compromise of that system.
  • API Key: An API key is a unique code that lets programs access data or services. If not properly secured, it can pose a cybersecurity risk.
  • Favicon Fingerprinting: Favicon fingerprinting identifies web applications by analyzing their unique icons, helping attackers or researchers recognize technologies or platforms used on websites.
  • 0.0.0.0 Binding: 0.0.0.0 binding lets a service accept connections from any IP address, not just local users, which can increase both accessibility and risk.
  • Agentic AI: Agentic AI systems can independently make decisions and take actions, operating with limited human oversight and adapting to changing situations.