A fake Claude AI website is distributing a malicious Claude-Pro Relay download that installs a previously undocumented Windows backdoor called Beagle, according to a technical analysis by Sophos. The campaign uses a 505MB archive that appears to offer a Claude-Pro Relay installer and targets users who land on the lookalike site.
KEY FACTS
- Fake site: The domain claude-pro[.]com mimics the real Claude branding and uses a large download button.
- Payload: The archive contains an MSI installer named Claude-Pro Relay that drops startup files on Windows systems.
- Backdoor: Beagle supports commands for executing, uploading, downloading, listing, renaming and removing files and directories.
- Delivery chain: The malware uses a signed G Data executable to sideload a DLL and an encrypted data file.
The report says the installer adds NOVupdate.exe, NOVupdate.exe.dat and avk.dll to the Windows Startup folder. It also says the first-stage payload is DonutLoader, which decrypts and runs Beagle in memory to reduce the chance of detection.
The backdoor communicates with command-and-control infrastructure at license[.]claude-pro[.]com over TCP port 443 and UDP port 8080. The exchanges are protected with a hardcoded AES key, and the server is hosted at 8.217.190[.]58.
The campaign was first identified by Malwarebytes, which linked the trojanized installer to a PlugX malware chain. Sophos later found additional Beagle samples submitted to VirusTotal between February and April that used different infection paths, including Microsoft Defender binaries, AdaptixC2 shellcode, a decoy PDF and fake update sites for security vendors.
Sophos said it could not confidently attribute the activity to a specific threat actor, but suggested the same operators behind PlugX may be testing a new payload. It also said the presence of NOVupdate files on a system is a strong sign of compromise.
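The indicators above (the three Startup-folder files, the C2 domain and IP, and the TCP 443 / UDP 8080 pair) are enough for a simple triage check. The following Python script is an added example, not code from Sophos or Malwarebytes: it scans a list of file paths for the dropped artifacts and a list of connection log lines for the C2 indicators. The log line format, the sample paths and the sample log entries are all constructed for the demonstration; a real deployment would feed in output from a file-system listing and from the firewall or proxy logs actually in use.

```python
"""Triage check for the Beagle / fake Claude-Pro Relay indicators.

Indicators come from the reporting summarized above. The log format and
all sample data below are constructed for this example.
"""
import re
from pathlib import PureWindowsPath

# Host artifacts reported as dropped into the Startup folder.
STARTUP_ARTIFACTS = {"novupdate.exe", "novupdate.exe.dat", "avk.dll"}
# Network indicators: C2 host, server IP and the reported protocol/port pair.
C2_DOMAIN = "claude-pro.com"
C2_IPS = {"8.217.190.58"}
C2_PORTS = {("tcp", 443), ("udp", 8080)}

# Constructed log format (not a real vendor format):
#   <timestamp> <proto> <src_ip:port> -> <dst_ip>:<dst_port> [host=<sni_or_dns_name>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>tcp|udp)\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)(?:\s+host=(?P<host>\S+))?"
)


def host_hits(paths):
    """Return paths that match the reported Startup-folder drops.

    NOVupdate.exe / NOVupdate.exe.dat are flagged wherever they appear, since
    the report treats their presence as a strong sign of compromise. avk.dll is
    a less distinctive name, so it is flagged only inside a Startup folder
    (a noise-reduction choice made for this example, not a rule from the report).
    """
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        name = wp.name.lower()
        in_startup = any(part.lower() == "startup" for part in wp.parts)
        if name in ("novupdate.exe", "novupdate.exe.dat"):
            hits.append(p)
        elif name == "avk.dll" and in_startup:
            hits.append(p)
    return hits


def network_hits(lines):
    """Return (line, reasons) pairs for log lines touching the C2 indicators.

    The port pair on its own is not an indicator (443 and 8080 are common), so
    it is only reported as a corroborating reason once the IP or domain matched.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or unrelated line
        proto, dport = m.group("proto"), int(m.group("dport"))
        dst, host = m.group("dst"), (m.group("host") or "").lower()
        reasons = []
        if dst in C2_IPS:
            reasons.append("c2-ip")
        if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
            reasons.append("c2-domain")
        if reasons and (proto, dport) in C2_PORTS:
            reasons.append("c2-port")
        if reasons:
            hits.append((line, reasons))
    return hits


def assess(paths, lines):
    """Combine both checks into one verdict for an analyst."""
    host = host_hits(paths)
    net = network_hits(lines)
    return {"host": host, "network": net, "likely_compromised": bool(host or net)}


# Constructed sample input: one user's Startup folder plus a few unrelated paths.
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_PATHS = [
    STARTUP + r"\NOVupdate.exe",
    STARTUP + r"\NOVupdate.exe.dat",
    STARTUP + r"\avk.dll",
    r"C:\ProgramData\SomeVendor\avk.dll",  # same name outside Startup: not flagged
    r"C:\Users\alice\Downloads\Claude-Pro Relay.msi",
]
# Constructed sample log: two C2 contacts, one benign HTTPS flow, one benign UDP/8080 flow.
SAMPLE_LOG = [
    "2025-03-01T10:00:00Z tcp 10.0.0.5:51234 -> 8.217.190.58:443 host=license.claude-pro.com",
    "2025-03-01T10:00:05Z udp 10.0.0.5:51235 -> 8.217.190.58:8080",
    "2025-03-01T10:00:09Z tcp 10.0.0.5:51236 -> 203.0.113.10:443 host=www.example.com",
    "2025-03-01T10:01:00Z udp 10.0.0.5:51237 -> 203.0.113.10:8080",
    "not a connection record",
]

if __name__ == "__main__":
    result = assess(SAMPLE_PATHS, SAMPLE_LOG)
    for p in result["host"]:
        print("HOST  ", p)
    for line, reasons in result["network"]:
        print("NET   ", ",".join(reasons), "|", line)
    print("likely_compromised =", result["likely_compromised"])
```

Running the script against the constructed sample flags the three Startup-folder drops and the two connections to the C2 server, and leaves the look-alike avk.dll outside Startup and the ordinary UDP/8080 flow alone. Matching on the domain suffix catches any subdomain of claude-pro[.]com, not just the license host named in the report.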
WHY IT MATTERS
The case shows how fake AI software sites can be used to spread Windows malware through convincing branding and bogus downloads. Users are advised to install Claude only from the official portal and avoid sponsored search results.