Fetching from the wire…
Public story · 2026-02-17 · source-backed
Vidar malware exfiltrated OpenClaw configs — gateway auth tokens and device key pairs — enabling full agent impersonation on February 13 (disclosed Feb 16). The stolen data enables remote connection to exposed instances, client impersonation in authenticated requests, and bypass of Safe Device verification. This is not a theoretical attack — it happened to a real user. Expect dedicated infostealer modules for OpenClaw, Claude Code, and Cursor within months, following the Chrome/Telegram module pattern.
Each link below shares sources, entities, or timing with this story.
OpenClaw uses Claude Code / Shared entities / Same source / Shared topic
Linked by a graph relationship (OpenClaw uses Claude Code); both cover Agent Identity Theft Goes Live, Expect, OpenClaw, Safe Device; cite the same source (Vidar malware exfiltrated OpenClaw configs).
Claude Code uses Opus / Shared entities / Shared topic / What happened next / Tension
Linked by a graph relationship (Claude Code uses Opus); both cover Claude Code, Cursor, Expect; overlapping topics (agent, claude, code, cursor).
Claude Code uses VS Code / Shared entities / Same source domain / Shared topic / What happened next / Tension
Linked by a graph relationship (Claude Code uses VS Code); both cover Claude Code, Cursor; reported by the same outlet (thehackernews.com).
Windsurf uses Claude Code / Shared entities / Shared topic / What happened next
Linked by a graph relationship (Windsurf uses Claude Code); both cover Claude Code, Cursor, February; overlapping topics (agent, claude, code, cursor).
Claude Code uses VS Code / Shared entities / Shared topic / What happened next / Tension
Linked by a graph relationship (Claude Code uses VS Code); both cover Claude Code, Cursor; overlapping topics (agent, attack, claude, code, data).
Simon Willison uses Claude Code / Shared entities / Same source domain / Shared topic / What happened next
Linked by a graph relationship (Simon Willison uses Claude Code); both cover Claude Code, Cursor; reported by the same outlet (thehackernews.com).
Claude Code partners with Telegram / Shared entities / Same source domain / Shared topic / What happened next
Linked by a graph relationship (Claude Code partners with Telegram); both cover OpenClaw, Telegram; reported by the same outlet (thehackernews.com).
Claude Code competes with Cursor / Shared entities / Shared topic / What happened next
Linked by a graph relationship (Claude Code competes with Cursor); both cover Chrome, Claude Code, Cursor; overlapping topics (agent, chrome, code).