Fake Claude AI Site Drops Beagle Backdoor on Windows Users


Infosecurity Magazine, May 7, 2026

Why It Matters

The attack exploits trust in AI services and legitimate security software signatures, expanding the attack surface for Windows users and complicating takedown efforts.

Key Takeaways

  • Fake Claude site distributes 505 MB ZIP containing malicious MSI installer
  • Signed G DATA updater renamed NOVupdate.exe sideloads avk.dll
  • avk.dll decrypts payload using XOR key, launches DonutLoader
  • Beagle backdoor supports eight commands, communicates via AES‑encrypted traffic
  • Campaign uses Cloudflare for delivery, Alibaba Cloud for C2 hosting

Pulse Analysis

Cybercriminals are increasingly weaponizing the hype around generative AI, creating counterfeit portals that mimic popular tools like Anthropic's Claude. By offering a bogus "Claude‑Pro Relay" download, the operators tap into users' eagerness to access premium AI features, turning curiosity into infection. This social‑engineering vector sidesteps traditional phishing cues, relying instead on the perceived legitimacy of an AI service to lure victims into executing a large ZIP archive.

The technical chain mirrors classic PlugX tactics but adds modern twists. A signed G DATA antivirus updater binary, renamed NOVupdate.exe, is used to sideload a malicious avk.dll library. The DLL decrypts an embedded payload with a reversed XOR key, then invokes DonutLoader—an open‑source in‑memory loader—to drop the Beagle backdoor. By leveraging a trusted binary, the malware evades many endpoint detections, while the use of DLL sideloading circumvents signature checks that focus on executable files.

For defenders, the campaign underscores the need for deeper supply‑chain scrutiny and behavior‑based monitoring. Relying solely on file hashes or known signatures is insufficient when attackers repurpose signed updaters. Organizations should enforce strict application whitelisting, monitor unexpected DLL loads in legitimate processes, and scrutinize outbound traffic to obscure domains hosted on cloud platforms like Alibaba. As fake AI sites proliferate, a blend of user education and advanced telemetry will be essential to curb this emerging threat vector.
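As an added illustration of the "monitor unexpected DLL loads in legitimate processes" advice (this is example code, not from the article or any vendor), the following Python applies a sideloading heuristic to constructed records shaped like Sysmon Event ID 7 (ImageLoad): flag a DLL that is unsigned or carries an invalid signature, sits in the same directory as the process that loaded it, and lives under a user-writable path. The sample file paths and the list of user-writable prefixes are assumptions.

```python
"""Flag DLL sideloading candidates in Sysmon Event ID 7 (ImageLoad) records.

Heuristic: a process loads a DLL that is unsigned (or whose signature is
not valid) from its own directory, and that directory is user-writable.
Example code; the records below are constructed, not real telemetry.
"""
from pathlib import PureWindowsPath

# Directory prefixes treated as user-writable (assumption; extend per environment).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\")

# Constructed sample records using Sysmon Event ID 7 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\ClaudePro\NOVupdate.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\ClaudePro\avk.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Users\alice\Downloads\ClaudePro\NOVupdate.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\Vendor\tool.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]


def is_user_writable(path: str) -> bool:
    """Crude prefix test; a real deployment should consult directory ACLs."""
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def is_sideload_candidate(event: dict) -> bool:
    """Return True when the ImageLoad event matches the sideloading heuristic."""
    proc = PureWindowsPath(event["Image"])
    dll = PureWindowsPath(event["ImageLoaded"])
    if dll.suffix.lower() != ".dll":
        return False
    unsigned = (event.get("Signed", "false").lower() != "true"
                or event.get("SignatureStatus", "") != "Valid")
    same_dir = proc.parent == dll.parent  # PureWindowsPath compares case-insensitively
    return unsigned and same_dir and is_user_writable(str(dll.parent))


def find_sideload_candidates(events: list) -> list:
    """Return (process, dll) pairs worth triaging."""
    return [(e["Image"], e["ImageLoaded"]) for e in events if is_sideload_candidate(e)]


if __name__ == "__main__":
    for proc, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"possible sideload: {proc} loaded {dll}")
```

Only the first record is flagged: the System32 load is signed, and the unsigned DLL under Program Files is outside the user-writable prefixes, so the rule stays quiet on ordinary vendor software.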

