Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
AWS Cost Explorer Bug Exposes Trillion-Dollar Billing Estimates
July 17, 2026
Critical Windows LegacyHive 0-Day Lets Attackers Gain Admin Access
July 17, 2026
ClickLock macOS Stealer Kills Apps, Forces Password Entry
July 17, 2026
Home/Threats/Hackers Use DLL Sideloading in Fake Claude AI Malware Campaign
Threats

Hackers Use DLL Sideloading in Fake Claude AI Malware Campaign

Key Takeaways Cybercriminals are distributing a new backdoor, “Beagle,” by impersonating Anthropic’s Claude AI assistant through a sophisticated malvertising and DLL sideloading...

Marcus Rodriguez
Marcus Rodriguez
May 11, 2026 5 Min Read
48 0

Key Takeaways

  • Cybercriminals are distributing a new backdoor, “Beagle,” by impersonating Anthropic’s Claude AI assistant through a sophisticated malvertising and DLL sideloading campaign.
  • The attack uses a fake website, claude-pro[.]com, to trick users into downloading a malicious Windows installer that abuses a legitimate G DATA antivirus executable.
  • The campaign employs a multi-stage infection chain, including a new backdoor named Beagle and an open-source loader called DonutLoader, reminiscent of tactics previously seen in state-sponsored espionage.
  • Victims risk full system compromise, including file manipulation, command execution, and persistent remote access by attackers.

A new, highly concerning malware campaign is leveraging the popularity of Anthropic’s Claude AI assistant to distribute a previously undocumented backdoor dubbed “Beagle.” This sophisticated operation employs DLL sideloading, a technique often associated with advanced persistent threat (APT) groups, to compromise unsuspecting users.

Table Of Content

  • Key Takeaways
  • Deceptive Distribution and Initial Infection
  • Hackers Use PlugX-Like DLL Sideloading Chain
  • Beagle Backdoor and C2 Infrastructure
  • What You Should Do

The campaign, identified and detailed by researchers at Sophos X-Ops, involves a meticulously crafted lookalike website designed to mimic the official Claude AI portal. This fake site serves as the distribution point for a malicious installer that establishes a persistent backdoor on infected systems.

Deceptive Distribution and Initial Infection

Attackers have established a convincing replica of the Claude AI website, hosted at claude-pro[.]com. The site employs similar design elements, fonts, and color schemes to appear legitimate. Visitors are prompted to download “Claude-Pro Relay,” delivered as a substantial ZIP archive containing a full Windows installer. Upon execution, this installer discreetly drops three malicious files into the user’s startup folder, ensuring automatic execution with every system boot.

Sophos X-Ops initiated their investigation after reports surfaced regarding this deceptive Claude website. While initial analysis suggested a typical PlugX operation, further scrutiny revealed a distinct and previously unknown backdoor, which they named “Beagle,” along with a first-stage loader called DonutLoader.

The malware campaign appears to propagate through malvertising, where threat actors pay to embed malicious links within search engine advertisements and sponsored results. This tactic allows unsuspecting users searching for the Claude AI tool to easily land on the fraudulent site. Additionally, attackers may have utilized SEO poisoning techniques to enhance the fake site’s organic search engine visibility.

Hackers Use PlugX-Like DLL Sideloading Chain

The campaign stands out due to its sophisticated blend of established attack methodologies and a novel payload. The consistent use of a shared XOR key across various samples from early 2026 indicates a coordinated and ongoing effort, not an isolated incident. Related samples exhibiting diverse payloads and infection chains further suggest continuous development spanning several months.

The infection process begins when a user runs the Claude.msi installer. This action deposits three files: NOVupdate.exe, NOVupdate.exe.dat, and avk.dll. Crucially, NOVupdate.exe is a legitimate, digitally signed updater from G DATA antivirus. However, attackers replace the authentic avk.dll with a malicious version, tricking the trusted NOVupdate.exe into loading the rogue DLL. This technique, known as DLL sideloading, has been a signature of PlugX campaigns for over a decade.

The malicious DLL is then responsible for decrypting the payload concealed within NOVupdate.exe.dat using a hardcoded XOR key. The decrypted content is executed entirely in memory, a tactic that significantly complicates detection by conventional security solutions. This decrypted content is identified as DonutLoader shellcode, an open-source loader previously associated with advanced attacks against government entities.

The combination of a signed legitimate binary, a sideloaded malicious DLL, and an encrypted data file closely mirrors the typical structure of PlugX attacks. Despite these structural similarities, the ultimate payload in this campaign is not PlugX, but rather a distinct and newly identified threat.

Beagle Backdoor and C2 Infrastructure

Once DonutLoader executes, it delivers the final payload: the Beagle backdoor. Beagle establishes communication with a command-and-control (C2) server located at license[.]claude-pro[.]com (IP: 8.217.190.58), utilizing TCP port 443 and UDP port 8080. All traffic between Beagle and the C2 server is encrypted using a hardcoded AES key. This persistent connection grants attackers extensive control over the compromised machine, enabling them to upload and download files, execute arbitrary commands, manage directories, and maintain long-term access.

Sophos researchers also discovered related malware samples on VirusTotal dating back to February 2026. One variant of the campaign leveraged a Microsoft Defender utility as the trusted host binary, while a sample from March 2026 was observed deploying AdaptixC2, an open-source red team framework known to be associated with ransomware activities. These findings suggest that the underlying infrastructure might be supporting multiple campaigns or potentially several distinct threat actors simultaneously.

What You Should Do

  • Always download software, especially AI tools, exclusively from official vendor websites. For Claude AI, use the official Anthropic site.
  • Exercise extreme caution with search engine results, particularly sponsored links or advertisements, as these are frequently exploited for malvertising.
  • Regularly check your system’s startup folders (e.g., %APPDATA%MicrosoftWindowsStart MenuProgramsStartup) for suspicious files like NOVupdate.exe, avk.dll, and NOVupdate.exe.dat.
  • Implement network monitoring to detect and block outbound connections to known malicious domains such as claude-pro[.]com and license[.]claude-pro[.]com.
  • Ensure your antivirus and endpoint detection and response (EDR) solutions are up-to-date and configured to detect DLL sideloading and in-memory execution techniques.

Indicators of Compromise (IoCs):-

Type Indicator Description
Domain claude-pro[.]com Fake Claude AI website used for malware distribution
Domain license[.]claude-pro[.]com Command-and-control (C2) server domain
IP Address 209.189.190.206 Possible hosting server (CloudFlare origin, set up March 2026)
IP Address 178.128.108.89 Second linked hosting server
Domain vertextrust-advisors[.]com Domain linked to a secondary hosting server associated with the threat actor
IP Address 8.217.190.58 IP address associated with C2 domain license[.]claude-pro[.]com
File Name Claude-Pro-windows-x64.zip Malicious ZIP archive (~505MB) distributed via fake site
File Name Claude.msi Windows installer contained within the malicious ZIP archive
File Name NOVupdate.exe Legitimate G DATA signed executable used in DLL sideloading
File Name avk.dll Malicious DLL sideloaded to replace the legitimate G DATA DLL
File Name NOVupdate.exe.dat Encrypted data file containing the DonutLoader shellcode payload
Encryption Key (XOR) SGkGHumNrDbt1OEHV3y2dVh5bQby2R XOR decryption key used to decrypt the first-stage shellcode
Encryption Key (AES) beagle_default_secret_key_12345! Hardcoded AES key used by the Beagle backdoor for C2 communications
Domain gouvvbo[.]top C2 server used by March 2026 variant sample
Domain update-treix[.]com C2 domain used by GoddTV.msi sample
Domain update-crowdstrike[.]com Domain hosted on same IP as update-treix[.]com (192.252.186.62)
Domain update-sentinelone[.]com Domain hosted on same IP as update-treix[.]com (192.252.186.62)
IP Address 192.252.186.62 Shared IP hosting update-treix[.]com and thematically linked domains
File Name MpCopyAccelerator.exe Legitimate Microsoft Defender utility used in February 2026 variant
File Name MpClient.dll Malicious sideloaded DLL in February 2026 variant

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackHackerMalwareransomwareSecurityThreat

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Fake DeepSeek TUI GitHub Repositories Deliver Malware

Next Post

Go fsnotify Library Access Changes Spark Supply Chain Concerns

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical TP-Link Tapo Camera Vulnerability Lets Attackers Hijack Devices
July 17, 2026
CISA Warns of Critical Fortinet FortiSandbox OS Injection Flaws Exploited in Attacks
July 17, 2026
Linus Torvalds Clarifies Linux Kernel’s Stance on AI Development
July 17, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us