@qqbrowser/openclaw-qbot
A JavaScript package on the npm registry, version 0_0_130, compromised by UNC1069 in the May 2026 WAVESHAPER campaign expansion
Last refreshed: 20 May 2026
- Is @qqbrowser/openclaw-qbot a legitimate npm package or is it malware?
  - @qqbrowser/openclaw-qbot (version 0.0.130) is a malicious npm package confirmed by GTIG as part of DPRK-linked actor UNC1069's WAVESHAPER.V2 supply-chain campaign. It is not affiliated with Tencent's QQ Browser. It should not be installed. Source: Google Threat Intelligence Group
- What does the WAVESHAPER.V2 backdoor installed by @qqbrowser/openclaw-qbot do?
  - WAVESHAPER.V2 provides remote access, data exfiltration capability, and persistence on infected systems. It is identical to the payload used in UNC1069's April 2026 Axios compromise and the @shadanai/openclaw package. Source: Google Threat Intelligence Group
- How does UNC1069 use namespace mimicry to distribute malware through npm?
  - UNC1069 registers npm scoped package names that resemble known developer brands (@qqbrowser evokes Tencent's QQ Browser) to reduce installation friction. Automated build pipelines or developers who do not verify package provenance install the package and execute the WAVESHAPER.V2 backdoor. Source: GTIG
- How many npm packages has UNC1069 compromised with the WAVESHAPER.V2 backdoor?
  - As of 11 May 2026, GTIG confirmed three: the April 2026 Axios compromise, @shadanai/openclaw, and @qqbrowser/openclaw-qbot. UNC1069 distributed the same WAVESHAPER.V2 payload across multiple scoped namespaces within the same campaign window. Source: Google Threat Intelligence Group
Background
`@qqbrowser/openclaw-qbot` (version 0_0_130, rendered in the npm registry with underscores for directory naming) is an npm registry package confirmed by GTIG as a second expansion of UNC1069's WAVESHAPER.V2 backdoor campaign in May 2026. Alongside `@shadanai/openclaw`, it extends the distribution reach of the same malicious payload first documented in the April 2026 Axios supply-chain compromise. The package is registered under the `@qqbrowser` scoped namespace, a name chosen to evoke the QQ Browser product maintained by Tencent, exploiting developer recognition of browser-adjacent tooling namespaces. Any developer or automated build pipeline that installs `@qqbrowser/openclaw-qbot@0.0.130` without integrity verification executes the WAVESHAPER.V2 payload.
The `@qqbrowser` namespace has no confirmed affiliation with Tencent's QQ Browser product. Its use is consistent with UNC1069's observed pattern of namespace mimicry, registering names adjacent to known developer brands to reduce installation friction. This technique is a variant of dependency confusion, in which a package name resembles a legitimate internal or popular dependency closely enough that automated installers or inattentive developers install it without verification.
The WAVESHAPER.V2 backdoor carried by this package provides remote access, data exfiltration capability, and persistence mechanisms identical to those documented in the Axios campaign. The download volume for `@qqbrowser/openclaw-qbot` is small relative to mainstream npm packages. The broader significance is structural: UNC1069 has now demonstrated the ability to register multiple scoped namespaces on npm within a single campaign window, distributing the same payload across three separate package names to reduce the impact of any single takedown.
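A lockfile check for the two scoped package names listed above, as an added example that is not code from GTIG or from this page's source. The function names, the sample lockfile and the `@shadanai/openclaw` version in it are constructed; Axios is left out because the page gives no affected versions.

```javascript
// Names are from the page; it states a version only for the first package.
const FLAGGED = new Map([
  ["@qqbrowser/openclaw-qbot", "0.0.130"],
  ["@shadanai/openclaw", null], // no version on the page: report any version
]);

// Lockfile v2/v3 keys are install paths; the name follows the last "node_modules/".
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

function findFlagged(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (!FLAGGED.has(name)) return;
    const listed = FLAGGED.get(name);
    const matchesPageVersion = listed === null ? null : listed === version;
    hits.push({ name, version, where, matchesPageVersion });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // An explicit "name" wins over the folder name, so an aliased entry still matches.
      const name = meta.name || nameFromPath(path);
      if (name) check(name, meta.version, path || "(root)");
    }
    return hits;
  }
  // Lockfile v1: walk the nested "dependencies" tree instead.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, [...trail, name].join(" > "));
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample in the lockfile v3 shape; not taken from a real project.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-tool/node_modules/@qqbrowser/openclaw-qbot": { version: "0.0.130" },
    "node_modules/@shadanai/openclaw": { version: "9.9.9" }, // constructed version
  },
};
for (const h of findFlagged(SAMPLE_LOCK)) console.log(`${h.name}@${h.version} at ${h.where}`);
```

Pass it the parsed `package-lock.json` of each build. A hit under a nested `node_modules` path means the package arrived as a transitive dependency rather than a direct one.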