AI coding assistant Cline compromised to create more OpenClaw chaos

Summary

The npm package of Cline CLI, an open-source AI coding assistant, was compromised in a supply chain attack so that it installed OpenClaw on developers' machines without their knowledge. This resulted in approximately 4,000 unintended installations of the malicious software.

IFF Assessment

FOE

A supply chain attack compromised a development tool, introducing malware into developer environments.

Defender Context

Supply chain attacks targeting developer tools are becoming increasingly common. Defenders should implement robust dependency management, regularly audit their software supply chain, and monitor for suspicious behavior on developer workstations. This incident highlights the risk of using open-source tools without thorough vetting.
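One concrete form of the supply chain audit recommended above, added here as an example and not code from the article or from the Cline project: the page does not say how the compromised package installed OpenClaw, so this script assumes the usual npm vector, an install-time lifecycle script, and walks a `node_modules` tree (nested dependencies and scoped packages included) to list every package that declares one, so a reviewer can see exactly what would run during `npm install`.

```python
import json
from pathlib import Path

# Lifecycle hooks that npm runs automatically during `npm install`; a
# compromised package can use any of them to execute code on the developer's
# machine before anyone has looked at the package contents.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_install_scripts(node_modules):
    """Return one dict per install-time lifecycle script found under
    node_modules (nested dependencies included). Unreadable or malformed
    package.json files are skipped rather than aborting the audit."""
    findings = []
    root = Path(node_modules)
    if not root.is_dir():
        return findings
    for pkg_json in sorted(root.rglob("package.json")):
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # not valid package metadata; nothing npm would run
        if not isinstance(meta, dict):
            continue
        scripts = meta.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            cmd = scripts.get(hook)
            if cmd:
                findings.append({
                    "package": meta.get("name", pkg_json.parent.name),
                    "version": meta.get("version", "?"),
                    "hook": hook,
                    "command": cmd,
                    "path": str(pkg_json.parent.relative_to(root)),
                })
    return findings


def report(node_modules):
    """Print findings in a CI-log friendly form and return their count."""
    findings = find_install_scripts(node_modules)
    for f in findings:
        print(f"{f['package']}@{f['version']} [{f['hook']}] {f['command']} ({f['path']})")
    return len(findings)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "node_modules"
    sys.exit(1 if report(target) else 0)  # non-zero so CI can block on new hooks
```

Pair the audit with `ignore-scripts=true` in the project's `.npmrc` so that install-time scripts cannot run at all until the packages declaring them have been reviewed.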
