A fraudulent imitation of Anthropic's Claude website has been used to distribute a backdoor named Beagle, deployed through a dynamic-link library (DLL) sideloading chain that abuses a signed antivirus updater binary, according to Sophos X-Ops. The malicious domain claude-pro[.]com presents a stripped-down imitation of the legitimate Claude interface and offers a fictitious tool called Claude-Pro Relay, served as an approximately 505 MB ZIP archive.
The downloaded archive contains an MSI installer that drops three files into the Startup folder: a signed G DATA antivirus updater renamed NOVupdate[.]exe, an encrypted data file, and a malicious DLL named avk[.]dll, which is sideloaded in place of the updater's expected library. The DLL decrypts the data file using a reversed XOR key and runs shellcode that loads DonutLoader before deploying the final payload, the Beagle backdoor, which supports eight commands covering shell access, file transfer, directory listing and self-removal.
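As an added illustration (not code from the Sophos report), the following Python triage script checks a Startup folder for the drop pattern described above: a DLL sitting beside an executable, plus an opaque high-entropy data file. The sample directory it builds, including the file names and the random blob, is constructed for the demo.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_startup_dir(folder: Path, entropy_threshold: float = 7.5) -> list[str]:
    """Flag the exe + DLL + encrypted-blob triplet in a Startup folder.

    A DLL dropped beside an executable in Startup is a sideloading candidate:
    Windows searches the application's own directory for a DLL before the
    system paths, so a renamed signed updater will load whatever library of
    the expected name sits next to it.
    """
    files = [p for p in folder.iterdir() if p.is_file()]
    exes = [p for p in files if p.suffix.lower() == ".exe"]
    dlls = [p for p in files if p.suffix.lower() == ".dll"]
    blobs = [p for p in files if p.suffix.lower() not in (".exe", ".dll", ".lnk")]
    findings = []
    for d in dlls:
        if exes:
            names = ", ".join(e.name for e in exes)
            findings.append(f"{d.name}: DLL co-located with {names} in Startup (sideloading candidate)")
    for b in blobs:
        ent = shannon_entropy(b.read_bytes())
        if ent >= entropy_threshold:
            findings.append(f"{b.name}: entropy {ent:.2f} bits/byte (likely encrypted payload)")
    return findings

def build_constructed_sample(folder: Path) -> None:
    """Create a constructed stand-in for the reported drop: renamed updater, DLL, blob."""
    stub = b"MZ" + b"\x00" * 62  # minimal PE-like header stub, not a real binary
    (folder / "NOVupdate.exe").write_bytes(stub)
    (folder / "avk.dll").write_bytes(stub)
    # Seeded random bytes stand in for the encrypted data file (high entropy).
    (folder / "data.bin").write_bytes(random.Random(1).randbytes(4096))

def demo() -> list[str]:
    """Build the constructed sample in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        build_constructed_sample(folder)
        return triage_startup_dir(folder)

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Pointing `triage_startup_dir` at a real per-user or all-users Startup folder gives the same two classes of finding; a signed executable is not itself suspicious, so the check focuses on what is loaded beside it.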
Sophos has previously observed a PlugX-style chain using a G DATA-signed binary, along with linked indicators, suggesting the threat actor may have retooled or be imitating an established infection chain. The campaign's infrastructure is hosted on Alibaba Cloud and the malware is distributed through Cloudflare, with a server set up in March 2026.