OpenClaw impersonation phishing spreads: fake 'CLAW' token attack targets GitHub developers
ID: 4f6a1afc-d0a1-5db4-abc6-48cd15a58eec
STIX ID: report--4f6a1afc-d0a1-5db4-abc6-48cd15a58eec
Feed Name: CIO Security
Researchers observed a crypto-focused phishing/malware campaign using the C2 domain watery-compost.today and a phishing page, token-claw.xyz, that targets multiple wallets (WalletConnect, MetaMask, Trust Wallet, OKX, Bybit). The malware collects wallet addresses, transaction details and user names, and includes a 'nuke' capability to erase local storage and hinder forensics. An attacker wallet address (0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5) was extracted. Users are advised to block the domains, avoid connecting wallets to untrusted sites, review recent wallet connections, and revoke approvals.
