
GhostClaw Unmasked: How a Fake npm Package Turned Into a Full System Backdoor

March 10, 2026

Open-source ecosystems move fast. Developers install packages every day to speed up their work, experiment with new tools, or test the latest AI frameworks. Most of the time that works perfectly. But occasionally attackers take advantage of that trust.

A recent investigation by security researchers uncovered a malicious npm package called GhostClaw, designed to look like a legitimate developer tool installer. Instead of installing useful software, it quietly deployed malware capable of stealing sensitive data and giving attackers remote access to the victim’s machine.

This type of attack is known as a software supply chain attack, and it highlights how a single command like npm install can become a security risk if the package source isn’t verified.


What GhostClaw Is

GhostClaw was distributed through a package that impersonated an installer for a tool called OpenClaw. The package name was intentionally similar to the real project so developers might accidentally install it.

Once installed, the package ran scripts during the installation process. npm allows packages to run scripts like preinstall or postinstall, which many legitimate tools use for setup tasks. In this case, those scripts were used to execute malicious code.

Instead of installing software, the script launched a fake installer interface designed to make the process appear normal.

The Fake Installer Trick

One of the most interesting parts of the attack is the social engineering involved.

When the package runs, it displays what looks like a legitimate installer with progress messages and loading steps. To the user, it appears that a development tool is being installed.

During this process the program prompts the user for their system password, claiming that administrator access is required to finish installation. This prompt looks similar to a real operating system authentication request.

If the user enters their password, the malware captures it and verifies it against the operating system.

At that point the attacker holds both the user's credentials and system-level access to the machine.

Multi-Stage Malware Delivery

The malicious installer does not immediately contain all of the malware. Instead, it downloads additional components from a remote server.

This multi-stage approach helps attackers avoid detection because the initial package looks smaller and less suspicious.

The stages typically work like this:

  1. Initial npm package runs installation script
  2. Fake installer interface appears
  3. User enters system password
  4. Malware downloads the main payload from a remote server
  5. Persistence mechanisms are installed

Once the final payload is deployed, the attacker gains long-term access to the system.

What the Malware Can Steal

After installation, the GhostClaw malware attempts to collect large amounts of sensitive information from the infected machine.

According to the research, it can extract data such as:

  • Browser cookies and saved passwords
  • Cryptocurrency wallets
  • SSH keys used for server access
  • Apple Keychain data
  • Browser history and session information
  • Notes, email data, and messaging content

In addition to stealing data, the malware can also open a proxy connection, allowing attackers to route internet traffic through the compromised machine.

That effectively turns the victim’s computer into part of an attacker-controlled network.

Why Attacks Like This Are Increasing

Supply chain attacks in open-source ecosystems have grown significantly over the past few years.

  • Open ecosystems rely on trust: Developers install packages quickly and often assume they are safe.
  • Automation hides complexity: A single command like npm install can trigger scripts, downloads, and system changes.
  • Package naming confusion is common: Attackers frequently publish packages with names similar to popular projects.
  • New AI tools are creating fresh targets: Developers experimenting with new frameworks may install unfamiliar packages without checking their origin.

Because of these factors, attackers increasingly target package registries like npm, PyPI, and RubyGems.

How Developers Can Protect Themselves

  • Verify the package source: Always check the official repository or documentation before installing a new tool.
  • Look at download statistics and history: New packages with very few downloads should be examined carefully.
  • Review install scripts: If a package includes postinstall scripts, it’s worth taking a quick look at what they do.
  • Use dependency scanning tools: Security tools can detect suspicious packages and known malicious dependencies.
  • Be cautious with password prompts: Unexpected requests for system credentials during package installation should raise suspicion.