Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
Summary
Microsoft Bing's AI-powered search has been promoting fake GitHub repositories for a tool called OpenClaw. These malicious repositories contained installers that, when executed, deployed info-stealing malware and proxy tools, compromising users who trusted the AI's recommendations.
IFF Assessment
AI systems promoting malicious content directly to users represent a new and dangerous vector for malware distribution, undermining trust and potentially leading to widespread compromise.
Defender Context
This incident highlights the growing risk of AI-generated search results being manipulated to spread malware. Defenders should be aware that even seemingly legitimate search engine results can be compromised, and users should exercise extreme caution when executing commands or downloading software based on AI recommendations.