‘Threat actors are clearly adapting to widespread interest in popular AI tools’: AI fans beware, hackers create fake Claude site to spread backdoor malware

A fake website (claude-pro[.]com) provides poisoned installers that side-read DonutLoader and the Beagle backdoor
The operation mimics legitimate Claude software, likely attached to PlugX operators that use DLL sideloading
Researchers warn of malicious ads and SEO poisoning and urge users to verify links before downloading

If you want to download the Claude client on Windows, be careful because there are fake and malicious versions out there that want to take advantage of the interest in new AI models.

Security researchers from Sophos have flagged how one such purported Claude Pro offer led them to a website “claude-pro[.]com”. The site itself was built to look identical to the legitimate claude.ai official site, but the researchers found that it was fake pretty quickly as none of the links or buttons on the site, apart from the download one, worked – all redirecting back to the homepage.

Those who didn’t spot the scam and click the download button would end up with a working version of Claude – albeit one that had been poisoned to also deliver an update and a DLL file. In classic DLL pageload fashion, the updater runs the malicious DLL, which in turn deploys a loader malware called DonutLoader.

Drops Beagle

This tool in turn fetched a “relatively simple backdoor” called Beagle, capable of running commands, uploading and downloading files, creating folders, uninstalling agents and more.

Sophos could not attribute this campaign to any specific threat actor, but they said it was most likely run by the same people who run PlugX.

PlugX is a remote access trojan (RAT) commonly used by Chinese state-linked threat groups to spy on victims, steal data, and maintain persistent access to compromised systems. The malware is described as being highly adaptable and modular, allowing attackers to execute commands, take screenshots, log keystrokes and move laterally across networks. It has been active for more than a decade and is one of the longer-lasting RATs out there.

The attackers most likely planned to run malicious ads and SEO poisoning to achieve their goals, so be sure to double-check the links in your search engine before visiting any websites.