# OSINT Post — @cyber_security_channel msg 113954

*Tuesday, February 17, 2026 at 5:21 AM UTC — Hamer Intelligence Services Desk*

**Posted**: 2026-02-17T05:21:29.000Z (3mo ago)
**Fetched**: 2026-03-21T21:32:21.305Z (2mo ago)
**Views**: 6
**Media**: photo
**Link**: https://t.me/Cyber_Security_Channel/113954
**Permalink**: https://hamerintel.com/data/posts/2246.md
**Source**: https://hamerintel.com/sources

---

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway TokensThat said, the cybersecurity company said the data capture was not facilitated by a custom OpenClaw module within the stealer malware, but rather through a "broad file-grabbing routine" that's designed to look for certain file extensions and specific directory names containing sensitive data.It's worth noting that the theft of the gateway authentication token can allow an attacker to connect to the victim's local OpenClaw instance remotely if the port is exposed, or even masquerade as the client in authenticated requests to the AI gateway.📸 Credit: The Hacker News@Cyber_Security_Channel