
Fake Claude Website Distributes PlugX RAT
Why It Matters
The attack exploits trust in AI tools to infiltrate corporate networks, reviving a sophisticated RAT that can enable espionage and data theft, highlighting urgent supply‑chain and credential‑security risks for enterprises.
Key Takeaways
- Fake Claude site delivered PlugX RAT via trojanized installer
- VBScript dropper placed signed G DATA updater for DLL sideloading
- Malware contacts command‑and‑control servers hosted on Alibaba Cloud
- Infection persists only via startup folder files and NOVUpdate.exe
- PlugX code sharing blurs attribution, raising broader espionage concerns
Pulse Analysis
The counterfeit Claude portal illustrates how threat actors capitalize on the rapid adoption of generative AI to distribute malware. By masquerading as a legitimate download for Anthropic's Claude, the site taps into users' eagerness to upgrade their AI assistants. The social‑engineering lure is reinforced with a professional‑looking MSI installer, which silently runs a VBScript dropper. This approach lowers the barrier for infection, as even modestly tech‑savvy users may trust the source, expanding the attack surface beyond traditional phishing vectors.
Technically, the campaign relies on DLL sideloading: a genuinely signed G DATA antivirus updater (NOVUpdate.exe) is dropped into the user's Startup folder, and when it runs it loads the PlugX payload as a DLL from its own directory. Because the process that executes is a trusted, vendor‑signed binary, controls that key on publisher reputation or signature status alone see nothing wrong; the malicious code lives in the unsigned DLL beside it. The VBScript dropper's "On Error Resume Next" statement suppresses runtime errors so a partial failure never surfaces a dialog to the victim. Once active, the RAT opens a TCP connection to command‑and‑control infrastructure hosted on Alibaba Cloud, where it blends into the legitimate cloud traffic most enterprises already allow. The minimal footprint, just the Startup folder files and NOVUpdate.exe, leaves few artifacts for forensic review.
PlugX’s resurgence underscores a broader trend of old espionage tools reappearing in new threat campaigns, especially as source code becomes commoditized among cybercriminals. Attribution remains murky, but the potential involvement of state‑aligned actors raises geopolitical stakes. Organizations should tighten controls around software supply chains, enforce strict code‑signing verification, and monitor for anomalous startup entries. Enhanced endpoint detection, network traffic analysis, and user education about unsolicited AI tool downloads are essential defenses against this evolving blend of AI‑driven social engineering and sophisticated malware delivery.
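The Startup‑folder sideloading described above has a concrete hunting footprint: a vendor‑signed executable sitting in a user‑writable Startup folder next to a DLL that vendor did not sign. The following PowerShell hunt is an added example written for this article, not code from the campaign, from G DATA or from any vendor. It assumes it is run as a local administrator on the host under review, enumerates every local user's Startup folder plus the all‑users folder, resolves .lnk shortcuts to their real targets, and compares the Authenticode signer of each executable against the signers of the DLLs in the same directory.

```powershell
# Hunt for DLL-sideloading staging in Windows Startup folders.
# Added example for this article; not code from the campaign or from any vendor.
# Assumptions: run elevated on the host being examined; the reference signer is
# taken from each executable's own Authenticode certificate.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
# Include every local profile's Startup folder, not only the caller's.
$startupDirs += Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in ($startupDirs | Sort-Object -Unique | Where-Object { Test-Path $_ })) {
    # Resolve .lnk shortcuts so we inspect the binary that actually runs at logon.
    $targets = Get-ChildItem $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Extension -ieq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
    } | Where-Object { $_ -and (Test-Path $_) -and $_ -match '\.exe$' }

    foreach ($exe in $targets) {
        $exeSig = Get-AuthenticodeSignature -FilePath $exe
        $exeDir = Split-Path $exe -Parent
        # A DLL beside the EXE that is unsigned, or signed by a different publisher,
        # is the classic sideloading footprint.
        $suspectDlls = Get-ChildItem $exeDir -Filter '*.dll' -File -ErrorAction SilentlyContinue | ForEach-Object {
            $dllSig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($dllSig.Status -ne 'Valid' -or
                $dllSig.SignerCertificate.Subject -ne $exeSig.SignerCertificate.Subject) {
                '{0} [{1}]' -f $_.Name, $dllSig.Status
            }
        }
        [pscustomobject]@{
            StartupFolder = $dir
            Executable    = $exe
            ExeSignature  = $exeSig.Status
            ExeSigner     = if ($exeSig.SignerCertificate) { $exeSig.SignerCertificate.Subject } else { '(none)' }
            SuspectDlls   = ($suspectDlls -join '; ')
        }
    }
}

$findings | Format-Table -AutoSize
```

Rows where ExeSignature is Valid but SuspectDlls is non‑empty are the ones to triage first: that combination is a trusted binary staged outside its install directory alongside a library it will load on start. Scripts in the same folders (.vbs, .bat, .js) are not covered by this pass and should be listed separately, since the dropper in this campaign was itself a VBScript.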