RC RANDOM CHAOS

Fake Claude AI site pushes 'Beagle' Windows backdoor via trojanized installer

via BleepingComputer

Original source: "Fake Claude AI website delivers new 'Beagle' Windows malware" (BleepingComputer)

A spoofed Claude AI site at claude-pro[.]com is distributing a 505MB MSI installer that masquerades as a 'Claude-Pro Relay' tool for Claude Code developers. Sophos and Malwarebytes researchers found the installer drops three files into the Windows Startup folder, so the chain re-runs at every logon, and kicks off a DLL sideloading chain of the kind long associated with PlugX: a legitimately signed G Data updater (NOVupdate.exe) loads a malicious avk.dll placed beside it, which decrypts an encrypted blob into DonutLoader, which in turn injects a previously undocumented backdoor dubbed Beagle into memory.

Beagle is lightweight — supporting only basic commands like cmd execution, file upload/download, directory listing, and self-uninstall — and beacons to license[.]claude-pro[.]com over TCP/443 and UDP/8080 with AES-encrypted traffic, hosted on Alibaba Cloud infrastructure. Sophos found related samples on VirusTotal from February through April using the same XOR key but delivered via different lures, including fake update sites for CrowdStrike, SentinelOne, and Trellix, plus AdaptixC2 shellcode and decoy PDFs.

The G Data signed-binary sideloading pattern has historically been tied to PlugX operators, suggesting the same crew may be testing a new payload family. The campaign trades on developer trust in the Claude brand. Note that NOVupdate.exe is a legitimately signed G Data file, so its presence on its own is not an indicator; the strong indicator is that updater sitting in a user's Startup folder next to an avk.dll on a machine where no G Data product put it there, together with traffic to claude-pro[.]com.
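The two indicators the summary gives, the loader files in the Startup folder and the beacons to license.claude-pro.com over TCP/443 and UDP/8080, can be turned into a small hunt. The script below is an added example for this page, not code from BleepingComputer, Sophos or Malwarebytes; it uses only the file names, domain and ports named above. The Startup folder locations, the flat connection-log format and every sample record are assumptions constructed for the demonstration, and the domain matcher deliberately covers the apex and any subdomain rather than just license.claude-pro.com.

```python
"""Hunt for the Beagle sideloading chain and its C2 beacons.

Added example for this summary; not code from BleepingComputer, Sophos or
Malwarebytes. Indicators come from the write-up: NOVupdate.exe (a signed
G Data updater) dropped into a Startup folder next to a malicious avk.dll,
and beacons to license.claude-pro.com over TCP/443 and UDP/8080. The
Startup paths, log format and all sample data are constructed assumptions.
"""
import re
from collections import defaultdict
from pathlib import Path

# File names from the write-up. NOVupdate.exe is a clean, signed binary, so it
# is suspicious only because of WHERE it sits, not because of what it is.
SIDELOAD_HOST = "novupdate.exe"
SIDELOAD_DLL = "avk.dll"

# C2 apex from the write-up; the observed beacon host is license.claude-pro.com.
C2_APEX = "claude-pro.com"
# Beacon transports named in the write-up.
C2_PORTS = {("tcp", 443), ("udp", 8080)}

# Assumed default Startup locations (per-user and all-users) under a Windows root.
STARTUP_DIRS = (
    "Users/*/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",
    "ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp",
)


def check_startup_listing(folder, names):
    """Grade one Startup folder from the file names it contains."""
    lower = {n.lower() for n in names}
    if SIDELOAD_HOST in lower and SIDELOAD_DLL in lower:
        return [f"HIGH {folder}: {SIDELOAD_HOST} beside {SIDELOAD_DLL} (Beagle sideload chain)"]
    if SIDELOAD_HOST in lower:
        return [f"MEDIUM {folder}: G Data updater {SIDELOAD_HOST} in a Startup folder"]
    if SIDELOAD_DLL in lower:
        return [f"LOW {folder}: {SIDELOAD_DLL} present without its signed host binary"]
    return []


def scan_startup_folders(windows_root):
    """Walk the assumed Startup folders on a live host (not exercised offline)."""
    findings = []
    for pattern in STARTUP_DIRS:
        for folder in Path(windows_root).glob(pattern):
            if folder.is_dir():
                findings += check_startup_listing(str(folder), [p.name for p in folder.iterdir()])
    return findings


# Assumed flat connection-log format, one record per line:
#   <timestamp> <src_ip> <dst_ip> <tcp|udp> <dst_port> <sni_or_dns_name|->
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>tcp|udp)\s+(?P<dport>\d+)\s+(?P<host>\S+)$"
)


def is_c2_domain(host):
    """Match the apex and any subdomain, so license.claude-pro.com and new labels hit."""
    h = host.lower().rstrip(".")
    return h == C2_APEX or h.endswith("." + C2_APEX)


def scan_connections(lines):
    """Return domain hits plus (src, dst) pairs that used BOTH beacon transports."""
    domain_hits = []
    transports = defaultdict(set)
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue  # tolerate blank or malformed lines
        f = m.groupdict()
        if is_c2_domain(f["host"]):
            domain_hits.append(raw.strip())
        key = (f["proto"], int(f["dport"]))
        if key in C2_PORTS:
            transports[(f["src"], f["dst"])].add(key)
    # TCP/443 alone is everywhere; the same client talking to the same server on
    # TCP/443 *and* UDP/8080 is the combination the write-up describes.
    port_pattern = sorted(pair for pair, seen in transports.items() if seen == C2_PORTS)
    return {"domain_hits": domain_hits, "port_pattern": port_pattern}


# Constructed sample records (RFC 5737 test addresses, not real C2 IPs).
SAMPLE_CONN_LOG = """\
2025-04-02T10:15:01Z 10.0.0.5 203.0.113.10 tcp 443 license.claude-pro.com
2025-04-02T10:15:02Z 10.0.0.5 203.0.113.10 udp 8080 -
2025-04-02T10:16:40Z 10.0.0.7 198.51.100.4 tcp 443 claude.ai
2025-04-02T10:17:12Z 10.0.0.9 198.51.100.9 udp 8080 -
2025-04-02T10:18:03Z 10.0.0.5 203.0.113.10 tcp 443 claude-pro.com
"""

if __name__ == "__main__":
    # "data.bin" stands in for the encrypted blob, whose real name the write-up does not give.
    startup = "C:/Users/dev/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"
    for finding in check_startup_listing(startup, ["NOVupdate.exe", "avk.dll", "data.bin"]):
        print(finding)
    print(scan_connections(SAMPLE_CONN_LOG.splitlines()))
```

On a live Windows host, `scan_startup_folders("C:/")` performs the file-system half of the hunt; the log half expects whatever DNS, SNI or NetFlow records you have, reshaped into the simple six-field format shown. Host 10.0.0.9 in the sample is deliberately not flagged on ports alone: UDP/8080 without the matching TCP/443 session to the same server is too weak a signal by itself.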


This is an AI-generated summary. Read the original for the full story.