
How to Defend Against the GitHub 'OpenClaw Deployer' Trojan Campaign

Security Arsenal Team
March 30, 2026
6 min read

Introduction

A recent cybersecurity campaign has targeted developers and organizations by distributing malware through a GitHub repository known as "OpenClaw Deployer." The repository, which appears legitimate at first glance, is actually a delivery mechanism for over 300 poisoned packages. These malicious packages masquerade as a wide range of assets, including developer tools and game cheats.

For defenders, this highlights the growing risk of software supply chain attacks. Even trusted platforms like GitHub can be weaponized to distribute malware, making it critical to implement robust defenses to detect and block malicious packages before they infiltrate your environment.

Technical Analysis

Overview of the Threat

The "OpenClaw Deployer" campaign leverages social engineering and AI-assisted techniques to spread trojanized packages. Attackers create repositories that mimic legitimate tools, enticing users to download and install malicious dependencies. Once installed, these packages execute malicious code, often stealing sensitive data, establishing persistence, or providing remote access to the attacker.

Affected Products and Systems

The campaign targets developers using Python, Node.js, and other package ecosystems. Poisoned packages have been identified in:

  • Python (PyPI): Malicious packages with typosquatting names or fake descriptions.
  • Node.js (npm): Packages claiming to offer game cheats or developer utilities.
  • Game Mods: Custom cheats and mods that hide malicious payloads.

Severity

The severity of this campaign is high due to:

  • The broad attack surface (hundreds of packages).
  • The difficulty of distinguishing malicious packages from legitimate ones.
  • The potential for data theft, ransomware deployment, or lateral movement within networks.

Patch and Fix Details

As of now, there is no single "patch" for this campaign since it relies on social engineering and supply chain manipulation. However, GitHub and package repository maintainers are actively removing malicious repositories and packages. Organizations must focus on detecting and blocking these threats proactively.

Defensive Monitoring

SIGMA Rules

Below are SIGMA detection rules to identify malicious package installations and suspicious process activity related to this campaign.

YAML
---
title: Suspicious Python Package Installation
id: 123e4567-e89b-12d3-a456-426614174000
status: experimental
description: Detects the installation of suspicious Python packages associated with the OpenClaw campaign.
references:
  - https://www.darkreading.com/application-security/github-openclaw-deployer-repo-delivers-trojan
author: Security Arsenal
date: 2025/03/29
tags:
  - attack.initial_access
  - attack.t1195.001
logsource:
  category: process_creation
  product: windows
detection:
  # The installer command and the campaign keywords are separate selections: a YAML
  # mapping cannot hold the same key (CommandLine|contains) twice, and the rule only
  # fires when BOTH lists match.
  selection_installer:
    Image|endswith: '\python.exe'
    CommandLine|contains:
      - 'pip install'
      - 'python -m pip'
  selection_keywords:
    CommandLine|contains:
      - 'openclaw'
      - 'deployer'
      - 'gamecheat'
      - 'devtools'
  condition: selection_installer and selection_keywords
falsepositives:
  - Legitimate installation of packages with similar names
level: high
---
title: Suspicious Node.js Package Installation
id: 234e5678-f89b-23d3-b456-526614284111
status: experimental
description: Detects the installation of suspicious Node.js packages associated with the OpenClaw campaign.
references:
  - https://www.darkreading.com/application-security/github-openclaw-deployer-repo-delivers-trojan
author: Security Arsenal
date: 2025/03/29
tags:
  - attack.initial_access
  - attack.t1195.002
logsource:
  category: process_creation
  product: windows
detection:
  selection_installer:
    Image|endswith: '\npm.cmd'
    CommandLine|contains:
      - 'npm install'
      - 'npm i'
  selection_keywords:
    CommandLine|contains:
      - 'openclaw'
      - 'deployer'
      - 'cheat'
  condition: selection_installer and selection_keywords
falsepositives:
  - Legitimate installation of packages with similar names
level: high
---
title: Suspicious PowerShell Execution from GitHub
id: 345e6789-09bc-34d3-c456-636614394222
status: experimental
description: Detects PowerShell scripts downloading payloads from GitHub, a common tactic in supply chain attacks.
references:
  - https://attack.mitre.org/techniques/T1059/001/
author: Security Arsenal
date: 2025/03/29
tags:
  - attack.execution
  - attack.t1059.001
logsource:
  category: process_creation
  product: windows
detection:
  selection_download:
    Image|endswith: '\powershell.exe'
    CommandLine|contains:
      - 'Invoke-WebRequest'
      - 'IEX'
      - 'DownloadString'
  selection_source:
    CommandLine|contains:
      - 'github.com'
      - 'raw.githubusercontent.com'
  condition: selection_download and selection_source
falsepositives:
  - Legitimate scripts downloading from GitHub
level: medium

KQL Queries for Microsoft Sentinel/Defender

These KQL queries help detect malicious package installations and suspicious activity in your environment.

KQL — Microsoft Sentinel / Defender
// Detect suspicious Python package installations (pip invoked directly or via python -m pip)
DeviceProcessEvents
| where ProcessCommandLine contains "pip install" or ProcessCommandLine contains "python -m pip"
| where ProcessCommandLine has_any ("openclaw", "deployer", "gamecheat", "devtools")
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, InitiatingProcessFileName
| order by Timestamp desc


// Detect suspicious Node.js package installations
DeviceProcessEvents
| where ProcessCommandLine contains "npm install" or ProcessCommandLine contains "npm i"
| where ProcessCommandLine has_any ("openclaw", "deployer", "cheat")
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, InitiatingProcessFileName
| order by Timestamp desc


// Detect PowerShell downloading from GitHub
// Note: "raw.githubusercontent.com" does not contain the substring "github.com", so both hosts are listed.
DeviceProcessEvents
| where FileName =~ "powershell.exe"
| where ProcessCommandLine has_any ("Invoke-WebRequest", "IEX", "DownloadString")
| where ProcessCommandLine has_any ("github.com", "raw.githubusercontent.com")
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, InitiatingProcessFileName
| order by Timestamp desc

Velociraptor VQL Hunt Queries

Use these Velociraptor hunts to search for indicators of compromise (IOCs) related to the OpenClaw campaign. Note that pslist() only enumerates processes that are running at hunt time, so a short-lived pip or npm install will usually be visible only in the process-creation telemetry covered by the SIGMA rules and KQL queries above.

VQL — Velociraptor
-- Hunt for suspicious Python package installations
SELECT Pid, Name, CommandLine, Exe, Username, CreateTime
FROM pslist()
WHERE CommandLine =~ 'pip install.*openclaw'
   OR CommandLine =~ 'pip install.*deployer'
   OR CommandLine =~ 'pip install.*gamecheat'
   OR CommandLine =~ 'pip install.*devtools'


-- Hunt for suspicious Node.js package installations
SELECT Pid, Name, CommandLine, Exe, Username, CreateTime
FROM pslist()
WHERE CommandLine =~ 'npm install.*openclaw'
   OR CommandLine =~ 'npm install.*deployer'
   OR CommandLine =~ 'npm install.*cheat'
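To show what the SIGMA rules, KQL queries and VQL hunts above actually evaluate, here is the same logic written out in Python and run over a few constructed process-creation events (this is an added example, not the page's or the vendor's own code; the events, the EXAMPLE-ORG URL and the Rule class are assumptions made for the illustration). It keeps the two CommandLine lists as separate selections so that a plain "pip install requests" or a notepad command mentioning "openclaw" does not fire.

```python
from dataclasses import dataclass

# Constructed process-creation events in the fields the rules above key on (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Python312\python.exe", "CommandLine": "python -m pip install openclaw-deployer"},
    {"Image": r"C:\Python312\python.exe", "CommandLine": "python -m pip install requests"},
    {"Image": r"C:\Windows\notepad.exe", "CommandLine": "notepad openclaw-notes.txt"},
    {"Image": r"C:\Program Files\nodejs\npm.cmd", "CommandLine": "npm i free-gamecheat-loader"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -c IEX (Invoke-WebRequest https://raw.githubusercontent.com/EXAMPLE-ORG/EXAMPLE-REPO/x.ps1)"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -c Get-Process"},
]

@dataclass(frozen=True)
class Rule:
    title: str
    level: str
    image_suffixes: tuple   # Image|endswith (any of)
    action_terms: tuple     # first CommandLine|contains list (any of)
    keyword_terms: tuple    # second CommandLine|contains list (any of)

# The three rules from the page, with the two CommandLine lists kept as separate selections.
RULES = (
    Rule("Suspicious Python Package Installation", "high", ("\\python.exe",),
         ("pip install", "python -m pip"), ("openclaw", "deployer", "gamecheat", "devtools")),
    Rule("Suspicious Node.js Package Installation", "high", ("\\npm.cmd",),
         ("npm install", "npm i"), ("openclaw", "deployer", "cheat")),
    Rule("Suspicious PowerShell Execution from GitHub", "medium", ("\\powershell.exe",),
         ("invoke-webrequest", "iex", "downloadstring"), ("github.com", "raw.githubusercontent.com")),
)

def matches(rule, event):
    """Sigma semantics: OR inside each list, AND across the selections, case-insensitive."""
    image, cmd = event["Image"].lower(), event["CommandLine"].lower()
    return (any(image.endswith(s) for s in rule.image_suffixes)
            and any(t in cmd for t in rule.action_terms)
            and any(t in cmd for t in rule.keyword_terms))

def evaluate(events, rules=RULES):
    """Return (title, level, command line) for every event that fires a rule."""
    return [(r.title, r.level, e["CommandLine"]) for e in events for r in rules if matches(r, e)]

if __name__ == "__main__":
    for title, level, cmd in evaluate(SAMPLE_EVENTS):
        print(f"[{level.upper()}] {title}: {cmd}")
```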

PowerShell Remediation/Verification Script

Use this script to check for the presence of known malicious packages on a system.

PowerShell
# Package name fragments associated with the campaign (the same terms the detection rules above use)
$suspiciousPackages = @("openclaw", "deployer", "gamecheat", "devtools")

# Check for suspicious Python packages; --format=json gives one object per package instead of
# a text table, so names can be matched precisely rather than by substring of the whole listing
$installedPackages = @()
if (Get-Command pip -ErrorAction SilentlyContinue) {
    $installedPackages = pip list --format=json 2>$null | Out-String | ConvertFrom-Json
}
foreach ($pkg in $suspiciousPackages) {
    $hits = $installedPackages | Where-Object { $_.name -match [regex]::Escape($pkg) }
    foreach ($hit in $hits) {
        Write-Host "[ALERT] Suspicious Python package found: $($hit.name) $($hit.version)" -ForegroundColor Red
    }
}

# Check for suspicious globally installed Node.js packages (npm list --json exposes a dependencies map)
$npmPackages = @()
if (Get-Command npm -ErrorAction SilentlyContinue) {
    $npmJson = npm list -g --depth=0 --json 2>$null | Out-String | ConvertFrom-Json
    if ($npmJson.dependencies) { $npmPackages = $npmJson.dependencies.PSObject.Properties.Name }
}
foreach ($pkg in $suspiciousPackages) {
    foreach ($hit in ($npmPackages | Where-Object { $_ -match [regex]::Escape($pkg) })) {
        Write-Host "[ALERT] Suspicious npm package found: $hit" -ForegroundColor Red
    }
}

Remediation

To protect your organization from the "OpenClaw Deployer" campaign and similar supply chain attacks, follow these steps:

  1. Block Malicious Repositories: Add known malicious GitHub repositories and package names to your blocklists, and keep them out of any allowlist your package proxies or build systems enforce.
  2. Educate Developers: Train developers to verify the authenticity of packages before installation. Encourage the use of package signing and checksum verification.
  3. Implement Package Scanning: Use tools like safety, pip-audit, or npm audit to scan for known vulnerabilities and malicious packages.
  4. Monitor Installations: Deploy the SIGMA rules, KQL queries, and Velociraptor hunts provided above to detect and respond to suspicious activity.
  5. Review and Remove: Regularly audit installed packages and remove any that are unused or suspicious.
  6. Update Dependencies: Keep all dependencies up-to-date to mitigate known vulnerabilities.
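A pre-install check that puts steps 1 through 3 into practice, as an added example that is not part of the original article: it parses a requirements.txt and a package.json, flags names that carry a blocklisted term, flags trusted pip packages installed without a --hash pin (so checksum verification is off), and uses edit distance to catch typosquats of trusted names. The manifests, blocklist terms, trusted names and the PLACEHOLDER_DIGEST value are all constructed for this illustration.

```python
import json
import re
# Constructed sample manifests and policy lists for this example (not real project files or IoCs).
REQUIREMENTS = """\
requests==2.32.3 --hash=sha256:PLACEHOLDER_DIGEST
reqeusts==2.32.3
openclaw-deployer>=1.0   # blocklisted term in the name
flask
"""
PACKAGE_JSON = '{"dependencies": {"lodash": "^4.17.21", "lodahs": "1.0.0", "free-gamecheat": "0.1.0"}}'
BLOCKED_TERMS = ("openclaw", "deployer", "gamecheat")
TRUSTED_NAMES = ("axios", "express", "flask", "lodash", "numpy", "requests")

def levenshtein(a, b):  # edit distance, used to flag near-miss (typosquat) names
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirements(text):
    """Yield (name, hash_pinned) per requirements.txt line; skips comments and option lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith("-"):
            name = re.split(r"[\s=<>!~\[;]", line, maxsplit=1)[0].lower()
            yield name, "--hash=" in line

def parse_package_json(text):
    data = json.loads(text)
    for section in ("dependencies", "devDependencies"):
        for name in data.get(section, {}):
            yield name.lower(), None  # npm integrity hashes live in the lockfile, not checked here

def audit(entries, blocked=BLOCKED_TERMS, trusted=TRUSTED_NAMES):
    """Return (name, reason) for every dependency that needs a human look before install."""
    findings = []
    for name, pinned in entries:
        if any(term in name for term in blocked):
            findings.append((name, "blocklisted name"))
        elif name in trusted and pinned is False:  # pip entry without --hash: no checksum check
            findings.append((name, "no --hash pin"))
        elif name not in trusted:
            near = next((t for t in trusted if 0 < levenshtein(name, t) <= 2), None)
            if near:
                findings.append((name, f"possible typosquat of {near}"))
    return findings
```

Run it as `audit(list(parse_requirements(REQUIREMENTS)) + list(parse_package_json(PACKAGE_JSON)))` in a CI step and fail the build on any finding.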
