“Malicious Actors Clearly Adapting to Widespread Interest in Popular AI Tools”: AI Fans Beware, Hackers Create Fake Claude Site to Spread Malware Through Backdoor

A spoofed site (claude-pro[.]com) provides poisoned installers that load DonutLoader and the Beagle backdoor
The operation imitates legitimate Claude software, likely related to PlugX operators using DLL sideloading.
Researchers warn of malvertising and SEO poisoning, urging users to check links before downloading

If you want to download the Claude client on Windows, be careful, as there are fake and malicious versions seeking to exploit interest in new AI models.

Security researchers at Sophos reported how one of these alleged Claude Pro offers led them to a “claude-pro” website.[.]com”. The site itself was built to look like the legitimate official claude.ai site, but researchers determined it was fake pretty quickly, because none of the site’s links or buttons except the download one worked – all redirecting to the home page.

Those who didn’t spot the scam and clicked the download button would end up with a working version of Claude – however, one that had been poisoned to also provide an updater and DLL file. In classic DLL sideloading fashion, the updater executes the malicious DLL which, in turn, deploys sideloading malware called DonutLoader.

Release a Beagle

This tool, in turn, retrieved a “relatively simple backdoor” called Beagle, capable of running commands, downloading files, creating directories, uninstalling agents, etc.

Sophos could not attribute this campaign to a specific threat actor, but they indicated that it was most likely carried out by the same people who run PlugX.

PlugX is a remote access Trojan (RAT) commonly used by Chinese state-linked threat groups to spy on victims, steal data, and maintain persistent access to compromised systems. The malware is described as highly adaptable and modular, allowing attackers to execute commands, capture screenshots, record keystrokes and move laterally across networks. It has been active for over a decade and is one of the longest-running RATs.

Attackers are most likely planning to deliver malicious ads and SEO poisoning to reach their targets, so be sure to double-check links in your search engine before visiting a website.