Fake Claude Download Site Distributes PlugX‑Backed Malware, Giving Attackers Remote System Access
What Happened — Attackers registered a look‑alike domain that mimics Anthropic’s Claude AI download page. The site offers a ZIP file named Claude‑Pro‑windows‑x64.zip which installs a legitimate‑looking Claude client while silently deploying a PlugX‑based remote‑access trojan via a VBScript dropper and DLL sideloading.
Why It Matters for TPRM —
- Demonstrates the risk of counterfeit vendor portals in AI‑service supply chains.
- The malware is loaded by a legitimately signed host binary (a G DATA updater), so it evades many endpoint controls.
- Successful compromise can lead to lateral movement, data exfiltration, and operational disruption for any organization that trusts the compromised system.
Who Is Affected — Companies that download Claude AI from unofficial sources; primarily technology/SaaS firms, AI/ML service users, and enterprise R&D teams that integrate Claude via desktop clients.
Recommended Actions —
- Instruct users to obtain Claude only from Anthropic‑controlled URLs or approved internal repositories.
- Validate that all endpoint protection solutions can detect DLL sideloading through signed host binaries as well as PlugX behaviors.
- Review third‑party risk policies for software supply‑chain verification and enforce strict download‑source whitelisting.
Technical Notes — The installer writes to C:\Program Files (x86)\Anthropic\Claude\Cluade\, creates deceptive shortcuts, and copies malicious files (NOVUpdate.exe, avk.dll, NOVUpdate.exe.dat) to the Startup folder. It leverages DLL sideloading (MITRE T1574.002) using a signed G DATA updater to hide the payload. The campaign uses rotating bulk‑email services (Kingmailer, CampaignLark) for phishing outreach. Source: Malwarebytes Labs
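The Startup-folder file triad and the misspelled install path in the Technical Notes can be turned into a simple endpoint hunt. The Python below is an added example, not code from Malwarebytes Labs or the original advisory; the sample paths are constructed, and the Startup-folder locations it walks are the standard per-user and all-users ones.

```python
"""Hunt for the artifacts described in the Technical Notes above.

Added defender-side example, not code from Malwarebytes Labs. It flags
(a) NOVUpdate.exe / avk.dll / NOVUpdate.exe.dat co-located in a Windows
Startup folder and (b) the odd 'Claude\\Cluade' install path. Input is any
list of file paths, e.g. an EDR file-inventory export or a live directory walk.
"""
import os
from collections import defaultdict

# File triad dropped into the Startup folder (names from the advisory, matched case-insensitively)
SIDELOAD_TRIAD = {"novupdate.exe", "avk.dll", "novupdate.exe.dat"}
# Install directory containing the telltale misspelled sub-folder
INSTALL_MARKER = "\\anthropic\\claude\\cluade\\"


def find_indicators(paths):
    """Return (kind, location) findings for the given file paths."""
    findings = []
    by_dir = defaultdict(set)  # lowercased directory -> lowercased filenames seen there
    for p in paths:
        norm = p.replace("/", "\\").lower()
        d, name = norm.rsplit("\\", 1) if "\\" in norm else ("", norm)
        if INSTALL_MARKER in norm:
            findings.append(("suspicious_install_path", p))
        by_dir[d].add(name)
    for d, names in by_dir.items():
        # Only a Startup folder holding all three files is treated as a strong signal;
        # a lone NOVUpdate.exe elsewhere may simply be the legitimate updater.
        if "\\startup" in d and SIDELOAD_TRIAD <= names:
            findings.append(("sideload_triad_in_startup", d))
    return findings


def scan_startup_folders():
    """Walk the per-user and all-users Startup folders on a live Windows host."""
    sub = os.path.join("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    roots = [os.path.join(os.environ.get("APPDATA", ""), sub),
             os.path.join(os.environ.get("ProgramData", ""), sub)]
    paths = [os.path.join(dp, f) for r in roots for dp, _, fs in os.walk(r) for f in fs]
    return find_indicators(paths)


# Constructed sample inventory (not real telemetry): one infected user profile, one clean one
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NOVUpdate.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avk.dll",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NOVUpdate.exe.dat",
    r"C:\Program Files (x86)\Anthropic\Claude\Cluade\Claude.exe",
    r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk",
    r"C:\Temp\NOVUpdate.exe",  # single file outside a Startup folder: not enough to flag
]

if __name__ == "__main__":
    for kind, where in find_indicators(SAMPLE_PATHS):
        print(kind, "->", where)
```

On a real host, `scan_startup_folders()` runs the same check over the actual Startup folders and returns an empty list when nothing matches.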