Moltbot (Formerly Clawdbot) Already Has a Malware Problem.

Moltbot (formerly known as Clawdbot) is the most popular AI-powered product I’ve seen in a while. This personal AI assistant runs locally and connects via a chat app like WhatsApp or iMessage. Once you grant Moltbot access to your entire device, it can perform certain actions on that device for you. This is something that excites pioneers in agent-based AI, but worries privacy and security enthusiasts like me.
Indeed, I have serious concerns about the risks of installing Moltbot on your personal computer. Since the AI agent will autonomously perform tasks based on prompts, attackers could exploit this situation by surreptitiously injecting malicious prompts into these bots. This is called prompt injection, and it can affect any type of AI agent system, whether an AI browser or an AI assistant like Moltbot.
But the problem for Moltbot users isn’t just prompt injection.
Someone has already created a malicious extension for Moltbot.
As The Hacker News noted, Moltbot already has its first malicious extension, dubbed “Clawdbot Agent – AI Coding Assistant” (“clawdbot.clawdbot-agent”). Apparently, it was developed before the bot’s name change. This extension targets Visual Studio Code, Microsoft’s open-source code editor. Worse, it was hosted on Microsoft’s official extension marketplace, which undoubtedly gave it legitimacy for Moltbot users looking for an extension for Visual Studio Code.
The extension was advertised as a free AI-powered programming assistant. Once installed, it executes a series of commands that ultimately launch a remote desktop access program (according to The Hacker News, “ConnectWise ScreenConnect”) on your device. It then connects to a link that allows an attacker to remotely access your device. Simply by installing this extension, you essentially give a hacker the tools to take over your computer, no matter where it is.
Fortunately, Microsoft has already taken action. As of Tuesday, the extension is no longer available in the app store. Moltbot doesn’t have an official extension for Visual Studio Code, so assume that any you see are illegal at best and malicious at worst. If you installed the extension, researchers have provided detailed instructions for removing the malware and blocking all its processes on your device. Of course, the first step is to immediately uninstall the extension from Visual Studio Code.
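To check whether the extension named above is still installed, here is an added example (not code from the article or from the researchers it cites). It assumes Visual Studio Code's default per-user extension folders and its "publisher.name-version" folder naming; the function and variable names are illustrative.

```python
import json
from pathlib import Path

# Extension ID as reported in the article (publisher.name).
BAD_ID = "clawdbot.clawdbot-agent"

# Assumption: default per-user extension folders for VS Code, Insiders and
# remote servers; add other locations (portable installs, forks) as needed.
DEFAULT_DIRS = [Path.home() / d / "extensions"
                for d in (".vscode", ".vscode-insiders", ".vscode-server")]


def _manifest_id(folder):
    """Return 'publisher.name' from the extension's package.json, or None."""
    try:
        pkg = json.loads((folder / "package.json").read_text(encoding="utf-8"))
        return f"{pkg['publisher']}.{pkg['name']}".lower()
    except (OSError, ValueError, KeyError, TypeError):
        return None


def find_extension(ext_dirs=DEFAULT_DIRS, bad_id=BAD_ID):
    """Return sorted paths of installed extension folders matching bad_id."""
    bad_id = bad_id.lower()
    hits = []
    for root in map(Path, ext_dirs):
        if not root.is_dir():
            continue
        for folder in (p for p in root.iterdir() if p.is_dir()):
            # Folders are named "<publisher>.<name>-<version>"; requiring a digit
            # after the dash avoids matching e.g. "...-agent-pro-1.0.0".
            name = folder.name.lower()
            rest = name[len(bad_id):]
            by_name = name.startswith(bad_id) and rest[:1] == "-" and rest[1:2].isdigit()
            # The manifest is checked too, in case the folder was renamed.
            if by_name or _manifest_id(folder) == bad_id:
                hits.append(str(folder))
    return sorted(hits)


if __name__ == "__main__":
    found = find_extension()
    for path in found:
        print(f"FOUND {BAD_ID}: {path}")
    print("uninstall it from VS Code, then follow the researchers' removal steps"
          if found else "extension not found in default locations")
```

A clean result only means the extension folder is gone; it says nothing about whether the remote access program it launched is still present.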
Moltbot also has security issues.
The Hacker News further highlights the findings of security researcher Jamieson O’Reilly, who discovered hundreds of unauthenticated Moltbot instances readily accessible online. These instances expose Moltbot user configuration data, API keys, OAuth credentials, and even chat history.
Attackers could exploit these exposed instances for prompt injection: they could impersonate a Moltbot user and send their own prompts to that user’s Moltbot AI assistant, or manipulate existing prompts and responses. They could also upload malicious “skills” (specific sets of context and knowledge) to MoltHub and use them to attack users and steal their data.
In an interview with The Hacker News, security researcher Benjamin Marr explains that the main problem is that Moltbot is designed for “ease of deployment” rather than “security by default.” Moltbot allows users to experiment and install sensitive software, and the bot will never warn them of any security risks. Systems should have firewalls, credential checking, and sandboxing in place; without them, users are exposed to greater risks.
To combat this, The Hacker News recommends that all Moltbot users running with default security settings take the following steps:
- Remove all integrations of connected services.
- Check exposed credentials.
- Configure network controls.
- Look for any signs of attack.
Or you can do what I did and stop using Moltbot altogether.