Fake Claude Site Installs Malware that Gives Attackers Access to Your Computer

The explosive growth of generative‑AI assistants—Claude alone sees roughly 290 million monthly visits—has turned them into prime bait for cybercriminals. Threat actors quickly set up look‑alike domains that promise a "Pro" version of the software, then lure users into downloading a ZIP archive. By mimicking the official installation path and even referencing the Squirrel update framework, the fake installer convinces even cautious users that they are running a legitimate program, while the underlying malicious chain operates unnoticed.

Technically, the dropper is a VBScript that launches a signed G DATA antivirus updater (NOVUpdate.exe) and leverages a classic DLL sideloading technique (MITRE T1574.002). The malicious avk.dll replaces the genuine component, loading an encrypted payload from NOVUpdate.exe.dat. This triad—signed host, trojanized DLL, encrypted payload—is characteristic of the PlugX remote‑access trojan, a tool long associated with espionage groups. Within 22 seconds the payload reaches out to a command‑and‑control server hosted on an Alibaba Cloud IP, establishing a persistent foothold while the original script self‑deletes, leaving only the startup‑folder artifacts.

For enterprises, the episode underscores a broader shift: attackers are weaponizing AI hype to distribute sophisticated malware. Organizations should enforce strict download policies, verify URLs against official vendor domains, and deploy endpoint solutions capable of detecting signed‑binary abuse and anomalous startup entries. Regular audits of the Startup folder, network traffic monitoring for unexpected outbound connections, and user education about phishing‑lure tactics are essential defenses as AI tools become ubiquitous in the corporate workflow.