It was my fault; I copied the command and ran it from a search result provided by my OpenClaw that was running on a non-frontier model (I can’t remember which - something small and free).
I’m pretty confident it’s gone; this happened about 6-7 weeks ago. I have been running recurring checks for processes, Malwarebytes, and a PiHole to monitor traffic.
My sense is yes. Running a small, non-frontier model in a "loose harness" has fewer guardrails under the hood. However, I have no evidence besides my outcomes!
An analogy might be: AltaVista 20+ years ago vs. Google + Chrome today. There are more layers to filter or warn of malicious links.
You can't reliably delete malware by telling Claude Code to find and delete it. You have to reinstall your operating system.