
- A spoofed site (claude-pro[.]com) delivers poisoned installers that sideload DonutLoader and the Beagle backdoor
- The operation mimics legitimate Claude software, likely tied to PlugX operators using DLL sideloading
- Researchers warn of malicious ads and SEO poisoning, urging users to verify links before downloading
If you’re looking to download the Claude client on Windows, be careful, because there are fake and malicious versions out there looking to exploit interest in new AI models.
Security researchers from Sophos flagged one such alleged Claude Pro offering, which led them to the website “claude-pro[.]com”. The site was built to look identical to the legitimate claude.ai website, but the researchers quickly determined it was fake: none of the links or buttons on the site, aside from the download one, worked, and all of them redirected back to the homepage.
Those who didn’t spot the scam and clicked the download button would end up with a working version of Claude, but one that had been poisoned to also deliver an updater and a DLL file. In classic DLL sideloading fashion, the updater runs the malicious DLL which, in turn, deploys a loader malware called DonutLoader.
This tool, in turn, fetched a “relatively simple backdoor” called Beagle, capable of running commands, uploading and downloading files, creating directories, uninstalling agents, and more.
Sophos could not attribute this campaign to any particular threat actor, but they did say that it was most likely operated by the same people who are running PlugX.
PlugX is a remote access trojan (RAT) usually used by Chinese state-linked threat groups to spy on victims, steal data, and maintain persistent access to compromised systems. The malware is described as being highly adaptable and modular, allowing attackers to execute commands, capture screenshots, log keystrokes, and move laterally across networks. It has been active for more than a decade and is one of the longer-running RATs out there.
The attackers most likely planned to run malicious ads and SEO poisoning to reach their targets, so make sure to double-check the links in your search results before visiting any websites.
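The link check recommended above can be automated in a proxy rule or a helpdesk script. The following is an added example, not code from Sophos or from the article; the allowlist contains only claude.ai because that is the one domain the article names as legitimate, and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only the domain the article names as legitimate is allowlisted.
OFFICIAL_DOMAINS = {"claude.ai"}


def refang(url: str) -> str:
    """Undo common defanging ([.] and hxxp) so reported links can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)


def check_download_link(url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a candidate download link."""
    try:
        parts = urlsplit(refang(url.strip()))
    except ValueError:
        return False, "unparseable url"
    if parts.scheme != "https":
        return False, "not https"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    # https://claude.ai@other.example/ shows the brand but connects elsewhere.
    if parts.username or parts.password:
        return False, "userinfo present"
    # Homoglyph hosts: reject raw non-ASCII and punycode labels outright.
    if not host.isascii():
        return False, "non-ascii host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host"
    # Exact domain or a true subdomain; a substring match is not enough.
    for dom in OFFICIAL_DOMAINS:
        if host == dom or host.endswith("." + dom):
            return True, f"matches {dom}"
    # Brand name inside a host that is not the official domain: a lookalike.
    brands = {dom.split(".")[0] for dom in OFFICIAL_DOMAINS}
    if any(brand in host for brand in brands):
        return False, "lookalike of official brand"
    return False, "not on allowlist"


if __name__ == "__main__":
    samples = [  # constructed sample links
        "hxxps://claude-pro[.]com/",
        "https://claude.ai/download",
        "https://claude.ai.example.net/setup",
        "https://claude.ai@example.net/setup",
    ]
    for link in samples:
        print(link, "->", check_download_link(link))
```

Matching on the parsed hostname rather than on the visible text of the link is what catches the spoofed domain: "claude" appears in claude-pro[.]com, but the host is neither claude.ai nor a subdomain of it.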

