Fake Claude Site Distributes PlugX Malware


Attackers created a convincing fake website impersonating Anthropic’s Claude, exploiting its ~290 million monthly web visits to lure victims into downloading a trojanized installer. The malware delivered is PlugX, a remote access Trojan (RAT) with roots in state-linked espionage operations dating back to 2008.

The official and only legitimate download location for Claude is claude[.]com/download.

Severity: High

Attack Details

1. Initial Access

  • The fake site poses as an official Claude “Pro” download page, serving Claude-Pro-windows-x64.zip.
  • The domain maintained active bulk email infrastructure, rotating between two providers (Kingmailer and CampaignLark), indicating an actively managed phishing operation.

2. Installation & Persistence

  • The ZIP delivers an MSI installer that drops files into C:\Program Files (x86)\Anthropic\Claude\Cluade\ — note the deliberate misspelling of “Cluade.”
  • A VBScript dropper (Claude.vbs) launches the legitimate Claude app in the foreground as a decoy, while silently copying three malicious files into the Windows Startup folder:
  File                 Role
  NOVUpdate.exe        Legitimately signed G DATA antivirus updater — sideloading host
  avk.dll              Trojanized DLL — PlugX loader
  NOVUpdate.exe.dat    XOR-encrypted PlugX payload

3. Execution — DLL Sideloading

NOVUpdate.exe, being a legitimately signed binary, loads avk.dll from its own directory. The malicious DLL decrypts and executes the payload from the .dat file. Because the parent process is signed, endpoint security tools may not flag it.
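The sideload chain above leaves a clear trace in image-load telemetry: a signed host process loading an unsigned DLL from its own directory, followed by an outbound connection. The following hunt script is an added example and is not part of the advisory; it assumes Sysmon is installed with Event ID 7 (ImageLoaded) and Event ID 3 (NetworkConnect) logging enabled, and is run from an elevated PowerShell prompt. The exact NOVUpdate.exe/avk.dll check comes from this advisory; the second, generalised query (any Startup-folder host loading an unsigned DLL from its own directory) is my own heuristic and will need tuning per environment.

```powershell
# Added example, not from the advisory: hunt Sysmon logs for the
# NOVUpdate.exe -> avk.dll sideload and the follow-on C2 connection.
# Assumes Sysmon Event IDs 7 and 3 are being logged. Read-only.

$LogName = 'Microsoft-Windows-Sysmon/Operational'
$C2Ip    = '8.217.190.58'    # advisory IOC (written 8[.]217[.]190[.]58 there)

# Flatten a Sysmon event's EventData/Data elements into one object.
function ConvertFrom-SysmonEvent {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml    = [xml]$Event.ToXml()
    $fields = @{ TimeCreated = $Event.TimeCreated; Id = $Event.Id }
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]$fields
}

function Get-SysmonEvents {
    param([int]$Id)
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-SysmonEvent $_ }
}

# 1. The exact chain from this campaign: NOVUpdate.exe loading avk.dll.
$exactChain = Get-SysmonEvents -Id 7 | Where-Object {
    $_.Image -like '*\NOVUpdate.exe' -and $_.ImageLoaded -like '*\avk.dll'
}

# 2. Generalised heuristic (mine, not the advisory's): a process running
#    out of a Startup folder that loads an unsigned DLL from its own
#    directory. In Event ID 7 the Signed field describes the loaded DLL.
$genericSideload = Get-SysmonEvents -Id 7 | Where-Object {
    $_.Image -like '*\Start Menu\Programs\Startup\*' -and
    $_.Signed -eq 'false' -and
    (Split-Path $_.ImageLoaded -Parent) -eq (Split-Path $_.Image -Parent)
}

# 3. Any process that connected to the C2 address.
$c2Connections = Get-SysmonEvents -Id 3 | Where-Object { $_.DestinationIp -eq $C2Ip }

function Show-Hits([string]$Label, $Hits) {
    $count = @($Hits).Count
    Write-Output ("{0}: {1} event(s)" -f $Label, $count)
    if ($count -gt 0) {
        $Hits | Format-Table TimeCreated, Image, ImageLoaded, DestinationIp, DestinationPort -AutoSize
    }
}

Show-Hits 'Known sideload chain (NOVUpdate.exe -> avk.dll)' $exactChain
Show-Hits 'Startup-folder host loading unsigned DLL from own directory' $genericSideload
Show-Hits "Connection to C2 address $C2Ip" $c2Connections
```

The first and third queries are precise to this campaign and should be near-zero noise. The second is deliberately broad: a hit does not mean compromise, but any signed updater sitting in a Startup folder and pulling an unsigned DLL from beside itself deserves a look, because that is exactly what makes the technique survive a lure change.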

4. C2 Callback

Sandbox analysis confirmed outbound TCP connections to 8.217.190[.]58:443 within 22 seconds of execution; the address is hosted on Alibaba Cloud infrastructure.

5. Anti-Forensics

The dropper self-destructs via a self-deleting batch file (~del.vbs.bat), leaving no VBScript on disk. Errors are silently swallowed using On Error Resume Next to avoid alerting the victim.

Threat Context & Attribution

This sideloading triad (G DATA executable + malicious avk.dll + encrypted .dat) matches a technique documented by Lab52 in February 2026 (“PlugX Meeting Invitation via MSBuild and GDATA”). The core mechanism is identical, only the lure changed from fake meeting invitations to a fake AI tool installer.
PlugX has historically been associated with Chinese state-nexus espionage actors, though its source code has leaked to underground forums, making attribution based on tooling alone unreliable.

Recommendations

  1. Check your Startup folder for the three sideloading files — NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat. If found, disconnect from the internet immediately before doing anything else. Change all passwords, as PlugX supports keylogging and credential theft.
  2. Also look for the misspelled directory C:\Program Files (x86)\Anthropic\Claude\Cluade\ as a confirmation indicator.
  3. Run a full scan with an up-to-date anti-malware solution.
  4. VBScript (WScript.exe, CScript.exe) should be blocked or heavily audited for most users. This campaign’s entire dropper stage depends on VBScript execution. If your environment has no legitimate use for it, disable it via GPO.
  5. Only use the official site (claude[.]com/download) and avoid third-party “Pro” installers.
  6. AI tools are now a high-value lure category alongside Office macros and fake browser updates. Train users to be skeptical of any AI software download link received via email, search ads, or social media.
  7. Encourage users to check installation paths after installing software — a misspelling like “Cluade” in a directory name is a concrete red flag that non-technical users can be trained to spot.
  8. Block the IOCs at their respective controls. The full collection is available at:
     https://www.virustotal.com/gui/collection/a07ae74bae7c475c2b943ee75019fcab83bcd0397a369b26fdf3b66879697bf9/iocs
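Recommendations 1, 2 and 8 can be checked on a single host with one read-only triage script. The script below is an added example and is not from the advisory or its source; it assumes the standard per-profile Startup folder path under C:\Users and an elevated PowerShell prompt so every profile can be read. It reports findings and deletes nothing: if anything is listed, follow the steps above (disconnect, scan, rotate credentials).

```powershell
# Added example, not from the advisory: check a Windows host for the
# file, directory, hash and network indicators this advisory lists.
# Save as a .ps1 and run elevated. Read-only; nothing is modified.

$SideloadFiles = @('NOVUpdate.exe', 'avk.dll', 'NOVUpdate.exe.dat')
$MisspelledDir = 'C:\Program Files (x86)\Anthropic\Claude\Cluade'
$C2Ip          = '8.217.190.58'
# SHA-256 IOCs as published. The advisory does not map them to file
# names, so every file in each Startup folder is hashed and compared
# (-contains is case-insensitive, so mixed-case hashes are fine).
$KnownHashes   = @(
    '35FEEF0E6806C14F4CCDB4FCEFF8A5757956C50FB5EC9644DEDAE665304F9F96',
    'be153ac4db95db7520049a4c1e5182be07d27d2c11088a2d768e931b9a981c7f',
    'd5590802bf0926ac30d8e31c0911439c35aead82bf17771cfd1f9a785a7bf143',
    '8ac88aeecd19d842729f000c6ab732261cb11dd15cdcbb2dd137dc768b2f12bc'
)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Indicator, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Detail = $Detail })
}

# Startup folders: the all-users folder plus each profile's own.
$startupDirs  = @([Environment]::GetFolderPath('CommonStartup'))
$startupDirs += Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' }

foreach ($dir in ($startupDirs | Where-Object { Test-Path $_ })) {
    # Recommendation 1: the three sideloading files by name.
    foreach ($name in $SideloadFiles) {
        $path = Join-Path $dir $name
        if (Test-Path $path) { Add-Finding 'Sideload file in Startup folder' $path }
    }
    # Recommendation 8: anything in Startup whose hash matches a published IOC.
    foreach ($file in (Get-ChildItem $dir -File -ErrorAction SilentlyContinue)) {
        $hash = (Get-FileHash $file.FullName -Algorithm SHA256).Hash
        if ($KnownHashes -contains $hash) {
            Add-Finding 'Known-bad SHA-256' ("{0} ({1})" -f $file.FullName, $hash)
        }
    }
}

# Recommendation 2: the misspelled "Cluade" install directory.
if (Test-Path $MisspelledDir) { Add-Finding 'Misspelled install directory' $MisspelledDir }

# Live check for a current TCP session to the C2 address.
Get-NetTCPConnection -RemoteAddress $C2Ip -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    Add-Finding 'Connection to C2 address' `
        ("{0}:{1} from {2} (PID {3})" -f $_.RemoteAddress, $_.RemotePort, $proc, $_.OwningProcess)
}

if ($findings.Count -eq 0) {
    Write-Output 'No indicators from this advisory were found on this host.'
} else {
    $findings | Format-Table -AutoSize
    exit 1    # non-zero exit so fleet tooling can flag the host
}
```

Because the dropper deletes its own VBScript, the script does not look for Claude.vbs; the Startup-folder triad and the misspelled directory are the indicators that remain on disk. The network check only catches a session that is open at the moment the script runs, so treat a clean result there as inconclusive and rely on the file findings and your firewall or proxy logs for the IP.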

IOCs

SHA-256: 35FEEF0E6806C14F4CCDB4FCEFF8A5757956C50FB5EC9644DEDAE665304F9F96
SHA-256: be153ac4db95db7520049a4c1e5182be07d27d2c11088a2d768e931b9a981c7f
SHA-256: d5590802bf0926ac30d8e31c0911439c35aead82bf17771cfd1f9a785a7bf143
SHA-256: 8ac88aeecd19d842729f000c6ab732261cb11dd15cdcbb2dd137dc768b2f12bc
IP: 8[.]217[.]190[.]58
Domain: claude-pro[.]com
Domain: license[.]claude-pro[.]com

Source:

  • https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer

Ampcus Cyber