SlowMist | Crypto

SlowMist flagged 472 AI skills containing malicious code, as plugins and extensions increasingly become a target for hackers seeking access to the devices of cryptocurrency investors. A plugin hub associated with the open-source artificial intelligence agent project OpenClaw has become a target for supply chain poisoning attacks, according to a new report from cybersecurity firm SlowMist. In a report released on Monday, SlowMist said attackers have been uploading malicious “skills” to OpenClaw’s plugin hub, known as ClawHub, exploiting what it described as weak or nonexistent review mechanisms. The activity allows harmful code to spread to users who install the plugins, potentially without realizing the risk. SlowMist said its Web3-focused threat intelligence solution, MistEye, issued high-severity alerts related to 472 malicious skills on the platform. Read more

Attackers have hijacked trusted Snap Store publishers via expired domains, allowing malicious wallet updates to reach long-time Linux users. Blockchain security company SlowMist flagged a new Linux-based attack vector that exploits trusted applications distributed through the Snap Store to steal users’ crypto recovery seed phrases.  In a post on X, SlowMist’s chief information security officer, 23pds, said attackers are abusing expired domains to hijack long-standing Snap Store publisher accounts and distribute malicious updates through official channels.  The compromised applications reportedly impersonate popular crypto wallets, including Exodus, Ledger Live and Trust Wallet, using interfaces that closely resemble legitimate software. Read more