Ismail HakimFebruari 2026

The “Soul” Stealer: Why Your AI Assistant is the Newest Target for Malware

For years, we’ve been warned that infostealers (malware designed to scavenge your computer for data) are after your passwords and credit card numbers. But as we move into 2026, a chilling new trend has emerged. Hackers aren’t just looking for your login; they are looking for your AI context.

Hi, I’m Ismail — CEO of Cyberkarta, one of the fastest-growing cybersecurity companies in Indonesia. If you have ideas, insights, or challenges in cybersecurity that you’d like to explore together, feel free to reach out through the comments or connect with me on LinkedIn. I’d love to hear from you and collaborate on building a safer and more resilient digital ecosystem.

Attack Surface Detected (Declawed)

Recent reports from Hudson Rock and Declawed have identified a groundbreaking infection involving OpenClaw (the popular agentic AI platform formerly known as ClawdBot). This isn’t just another data breach; it’s the first documented case of an infostealer “harvesting the soul” of a personal AI agent.

Clawdbot Github Stars Jumped Significantly After January 25th.

What Happened?

Cybersecurity researchers detected a live infection where a variant of the Vidar infostealer successfully exfiltrated a victim’s entire OpenClaw configuration environment.

Interestingly, the malware didn’t even need a “specialized” module to do this. It used a broad “file-grabbing” routine to sweep for sensitive file extensions and directory names. When it stumbled upon the .openclaw directory, it hit the jackpot.

What Was Stolen?

By grabbing just a few small files, the attacker essentially cloned the victim’s digital identity:

  • openclaw.json (The Gateway): This file contains the “Gateway Token.” With this, an attacker can remotely connect to the victim’s local AI instance or masquerade as them in authenticated requests.
Sensitive Information on openclaw.json (Hudson Rock)
  • device.json (The Keys): This file contains the private cryptographic keys used for secure pairing. With these, a hacker can bypass “Safe Device” checks and sign messages as if they were the victim.
Sensitive Information on device.json (Hudson Rock)
  • soul.md and memory.md (The Identity): This is where it gets personal. These files contain the AI’s “personality” and the history of its interactions. This includes daily logs, private messages, and upcoming calendar events, providing a literal blueprint of the user’s life.
Sensitive Information on soul.md (hudson rock)

Why This Matters

As AI agents like OpenClaw become more integrated into our professional lives, they become “super-apps” that hold the keys to our email, Slack, and cloud storage.

This marks a significant milestone in the evolution of malware: the transition from stealing credentials to harvesting the identities of personal AI agents. Today, the malware did this “inadvertently,” but tomorrow, infostealer developers will likely release dedicated modules specifically designed to decrypt and parse these AI files, much like they currently do for Google Chrome or Telegram.

The Bigger Picture: A Growing Threat Surface

The OpenClaw ecosystem is facing a “perfect storm” of security challenges right now:

  1. Malicious “Skills”: Researchers found that over 300 “Skills” (AI plugins) on the ClawHub marketplace were actually decoys designed to deliver malware.
  2. Exposed Instances: SecurityScorecard recently found hundreds of thousands of OpenClaw instances exposed to the public internet, leaving them vulnerable to Remote Code Execution (RCE).
  3. Persistence Issues: Once an agent account is created on community forums like Moltbook, it currently cannot be deleted, creating a permanent footprint for a user’s AI identity.

How to Stay Safe

If you are using OpenClaw or any local AI agent, it’s time to level up your security:

  1. Audit Your Skills: Only download Skills from trusted sources and be wary of “too good to be true” functionality.
  2. Isolate the Agent: Run your AI models in isolated environments (sandboxes) rather than giving them full access to your primary OS.
  3. Monitor Exposure: Ensure your local gateway ports aren’t exposed to the public internet.
  4. Stay Updated: OpenClaw has recently partnered with VirusTotal to improve threat detection, so keep your software updated to the latest version.
  5. The era of the AI assistant has arrived, but so has the era of the AI-stealer. Don’t let your “digital soul” fall into the wrong hands.

Source

  1. https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/
  2. https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html
  3. https://declawed.io/#dashboard

The “Soul” Stealer: Why Your AI Assistant is the Newest Target for Malware was originally published in Cyberkarta on Medium, where people are continuing the conversation by highlighting and responding to this story.

Logo

PT Cyberkarta Tugu Teknologi

Platform belajar cyber security bersama komunitas cyber

Copyright © 2026 Cyberkarta

KelasBlogLoginDaftar
Layanan CyberkartaTerms & ConditionsPrivacy & PolicyFAQ
LinkedInInstagramYoutubeTwitter

Hubungi Kami

layanan@cyberkarta.com

+62 851 6183 5865

Yogyakarta