Fake Claude AI Site Distributes Beagle Backdoor to Windows Users

Malicious Imitation of Anthropic’s Claude Website Distributes New Backdoor Named Beagle

A fraudulent replica of Anthropic's Claude website has been uncovered serving a previously undocumented backdoor dubbed Beagle. The operation relies on DLL sideloading, abusing a legitimately signed antivirus updater binary to load the attacker's library.

The lookalike domain, claude-pro[.]com, is a stripped-down copy of the legitimate Claude interface. It advertises a non-existent tool called Claude-Pro Relay, delivered as a 505 MB ZIP archive. The findings come from an analysis by Sophos X-Ops.

Active Malvertising Campaign

Sophos X-Ops traced the domain to a server set up as recently as March 2026, which points to an ongoing malvertising campaign luring users into downloading malware disguised as a trusted application. Brand impersonation of this kind is a well-established delivery tactic.

Mechanism of Attack

The ZIP archive contains an MSI installer that drops three files into the victim's Startup folder: a legitimately signed G DATA antivirus updater renamed NOVupdate.exe, an encrypted data file, and a malicious DLL named avk.dll. Because Windows resolves a DLL name against the application's own directory before system locations, the updater loads the attacker's avk.dll in place of the library it expects, and the Startup folder placement means this happens at every logon.

Once loaded, avk.dll decrypts the data file using a reversed XOR key, yielding shellcode that loads DonutLoader, an open-source in-memory loader, which in turn deploys the Beagle backdoor.

Sophos initially suspected a PlugX variant, because the G DATA-signed binary, the avk.dll sideload and the encrypted data file match a chain that Lab52 documented in February 2026. The different final payload led the researchers to conclude instead that the actor either modified an existing infection chain or borrowed techniques from other groups.

Features and Capabilities of Beagle

Beagle is a relatively simple backdoor supporting eight commands, including shell execution, file transfer, directory listing and self-removal. It connects to its command-and-control (C2) server at license[.]claude-pro[.]com over TCP port 443 or UDP port 8080. All traffic is encrypted with a hardcoded AES key, which hides the protocol from casual inspection but, being static, lets anyone who recovers the key from a sample decrypt captured sessions.

Sophos found further samples on VirusTotal sharing the same XOR key, some dating back to February 2026. A March variant swapped the final payload for AdaptixC2 shellcode; AdaptixC2 is an open-source red-team framework that has also been observed in ransomware attacks. Other samples posed as updates for security products from Trellix, CrowdStrike and SentinelOne.

Challenges in Counteracting the Threat

The campaign serves the malware through Cloudflare while hosting its C2 infrastructure on Alibaba Cloud. Splitting delivery and C2 across providers complicates takedown, since each component must be reported to a different party, and the continuity across samples over several months suggests a sustained operation rather than a disposable campaign.

The fake Claude site is one more instance of attackers riding the popularity of AI tools to deliver malware. For defenders, the practical lessons are to obtain software only from a vendor's official domain and to treat a validly signed executable that loads an unsigned DLL from its own directory as suspect, however trusted the signer.
