![\"A](\"https:\/\/www.newsbeep.com\/nz\/wp-content\/uploads\/2026\/04\/fake-claude-site-SD-homepage.png\")
A convincing fake Claude site serving PlugX malware\nA deep dive into the campaign<\/p>\n
Claude\u2019s rapid growth\u2014nearly 290 million web visits per month\u2014has made it an attractive target for attackers, and this campaign shows how easy it is to fall for a fake site.<\/p>\n
We discovered a fake website impersonating Anthropic\u2019s Claude to serve a trojanized installer. The domain mimics Claude\u2019s official site, and visitors who download the ZIP archive receive a copy of Claude that installs and runs as expected. But in the background, it deploys a PlugX malware chain that gives attackers remote access to the system.<\/p>\n
A convincing fake Claude site serving PlugX malware
\nA deep dive into the campaign<\/p>\n
The fake site presents itself as an official download page for a \u201cPro\u201d version of Claude and offers visitors a file called Claude-Pro-windows-x64.zip. Passive DNS records show the domain is equipped with active mail-sending infrastructure: its MX records have pointed to two commercial bulk-email platforms\u2014Kingmailer (last observed March\u00a028, 2026) and CampaignLark (observed from April\u00a05, 2026). The switch between providers suggests the operators actively maintain and rotate their sending capability.<\/p>\n
The ZIP contains an MSI installer that installs to C:\\Program Files (x86)\\Anthropic\\Claude\\Cluade\\\u2014a path designed to mimic a legitimate Anthropic installation, complete with a reference to Squirrel, the update framework that real Electron-based applications like Claude use. The misspelling \u201cCluade\u201d is a clear red flag. <\/p>\n
The installer places a shortcut, Claude AI.lnk, on the Desktop pointing to Claude.vbs inside the SquirrelTemp directory. When the victim clicks the shortcut, it launches a VBScript dropper, which locates claude.exe two directories up at C:\\Program Files (x86)\\Anthropic\\Claude\\Cluade\\claude.exe and runs the real application in the foreground. <\/p>\n
The dropper then creates a new shortcut, Claude.lnk, on the Desktop pointing directly to claude.exe. This leaves the victim with a working shortcut going forward, while the original Claude AI.lnk becomes a dead link after the VBScript deletes itself.<\/p>\n
What happens behind the curtain<\/p>\n
While the legitimate application runs in the foreground, the VBScript quietly copies three files from the SquirrelTemp directory into the Windows Startup folder at C:\\Users\\\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\. <\/p>\n
Static analysis of the dropper script identifies these as an executable called NOVUpdate.exe, a DLL named avk.dll, and an encrypted data file called NOVUpdate.exe.dat. The script then launches NOVUpdate.exe with a hidden window (window style\u00a00), so nothing appears on screen.<\/p>\n
This is a textbook DLL sideloading attack, a technique catalogued by MITRE as T1574.002. NOVUpdate.exe is a legitimately signed G\u00a0DATA antivirus updater. When it executes, it attempts to load a library called avk.dll from its own directory. Normally, this would be a genuine G\u00a0DATA component, but here the attacker has substituted a malicious version. Signed sideloading hosts like this can complicate detection because the parent executable may appear benign to endpoint security tools.<\/p>\n
Based on the Lab52 report documenting this same GData sideloading triad, the malicious avk.dll is expected to read and decrypt a payload stored in the accompanying .dat file. This pattern\u2014a signed executable, a trojanized DLL, and an encrypted data file forming a three-component sideloading triad\u2014is characteristic of the PlugX malware family, a remote access Trojan tracked in espionage campaigns since at least 2008.<\/p>\n
![\"\"](\"https:\/\/www.newsbeep.com\/nz\/wp-content\/uploads\/2026\/04\/fake-claude-site-SD-2.png\")
\nSandbox telemetry: C2 callback within seconds<\/p>\n
Behavioural analysis in a sandboxed environment confirmed key parts of the execution chain. WScript.exe was observed dropping NOVUpdate.exe and avk.dll into the Startup folder. Just 22 seconds later, NOVUpdate.exe had established its first outbound TCP connection to 8.217.190.58 on port 443. The connection was repeated multiple times during the observation window.<\/p>\n
The IP address 8.217.190.58 falls within an Alibaba Cloud\u2013associated address range (8.217.x.x). Cloud hosting providers are routinely abused by threat actors for command-and-control infrastructure; the hosting provider alone does not indicate malicious ownership of the IP.<\/p>\n
The sandbox also recorded NOVUpdate.exe modifying the registry key HKLM\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters, a path related to TCP\/IP network configuration.<\/p>\n
Cleaning up after itself<\/p>\n
Static analysis of the dropper script reveals additional anti-forensic measures. After deploying the payload files, the VBScript writes a small batch file called ~del.vbs.bat that waits two seconds, then deletes both the original VBScript and the batch file itself. This means the dropper is gone from disk by the time a user or analyst goes looking for it. The only artifacts that persist are the sideloading files in the Startup folder and the running NOVUpdate.exe process. The script also wraps the entire malicious payload section in an On Error Resume Next statement, silently swallowing any errors so that failures in the deployment do not produce visible error dialogs that might alert the victim.<\/p>\n
![\"\"](\"https:\/\/www.newsbeep.com\/nz\/wp-content\/uploads\/2026\/04\/fake-claude-site-SD-1.png\")
\nA known playbook with a fresh lure<\/p>\n
This sideloading technique\u2014abusing G\u00a0DATA\u2019s avk.dll alongside a legitimate G\u00a0DATA executable and an XOR-encrypted payload file\u2014was publicly documented by Lab52 in February 2026 in their report \u201cPlugX Meeting Invitation via MSBuild and GDATA.\u201d In that campaign, phishing emails used fake meeting invitations to deliver a nearly identical three-file sideloading package. The Lab52 sample used AVKTray.dat as the encrypted payload filename; this campaign uses NOVUpdate.exe.dat. The core mechanism is the same.<\/p>\n
PlugX has historically been associated with espionage operators linked to Chinese state interests. However, researchers have noted that PlugX source code has circulated in underground forums, broadening the pool of potential operators. Attribution based on tooling alone is not definitive. <\/p>\n
What is clear is that the operators behind this campaign have combined a proven sideloading technique with a timely social engineering lure\u2014exploiting the surging popularity of AI tools to trick users into running a trojanized installer.<\/p>\n
How to stay safe<\/p>\n
This campaign works because everything looks normal. The app installs, launches, and behaves as expected, while a hidden sideloading chain runs in the background using a signed security tool to avoid suspicion.<\/p>\n
Attackers are also moving fast. This technique was documented just weeks ago, and has already been reused with a new lure. As AI tools grow in popularity, we can expect more lookalike sites and fake installers like this.<\/p>\n
Here\u2019s how to check if you\u2019ve been affected:<\/p>\n
Check your Startup folder for NOVUpdate.exe, avk.dll, or NOVUpdate.exe.dat. To stay safe:<\/p>\n Only download Claude from the official site: claude.com\/download Indicators of Compromise (IOCs)<\/p>\n Payload filenames<\/p>\n Claude-Pro-windows-x64.zip (35FEEF0E6806C14F4CCDB4FCEFF8A5757956C50FB5EC9644DEDAE665304F9F96)\u2014distributed archive<\/p>\n NOVUpdate.exe (be153ac4db95db7520049a4c1e5182be07d27d2c11088a2d768e931b9a981c7f)\u2014legitimate G\u00a0DATA updater (sideloading host)<\/p>\n avk.dll (d5590802bf0926ac30d8e31c0911439c35aead82bf17771cfd1f9a785a7bf143)\u2014malicious DLL (PlugX loader)<\/p>\n NOVUpdate.exe.dat (8ac88aeecd19d842729f000c6ab732261cb11dd15cdcbb2dd137dc768b2f12bc)\u2014encrypted payload<\/p>\n Network indicators<\/p>\n 8.217.190.58:443 (TCP)\u2014C2 destination<\/p>\n We don\u2019t just report on threats\u2014we remove them<\/p>\n Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by\u00a0downloading Malwarebytes today<\/a>.<\/p>\n *** This is a Security Bloggers Network syndicated blog from Malwarebytes<\/a> authored by Malwarebytes<\/a>. Read the original post at: https:\/\/www.malwarebytes.com\/blog\/scams\/2026\/04\/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer<\/a> <\/p>\n","protected":false},"excerpt":{"rendered":"Claude\u2019s rapid growth\u2014nearly 290 million web visits per month\u2014has made it an attractive target for attackers, and this…\n","protected":false},"author":2,"featured_media":100656,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[8231,3218,58,111,139,69,145],"class_list":{"0":"post-373353","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-event","9":"tag-icon","10":"tag-link","11":"tag-new-zealand","12":"tag-newzealand","13":"tag-nz","14":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts\/373353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/comments?post=373353"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts\/373353\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/media\/100656"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/media?parent=373353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/categories?post=373353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/tags?post=373353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nIf any are present, disconnect from the internet immediately.
\nLook for the misspelled directory C:\\Program Files (x86)\\Anthropic\\Claude\\Cluade\\ on your system.
\nRun a full system scan with Malwarebytes<\/a>.
\nCheck firewall or proxy logs for outbound connections to 8.217.190.58.
\nChange passwords for any accounts accessed from the affected machine. PlugX variants can include keylogging and credential-theft.<\/p>\n
\nAvoid links in emails, ads, or \u201cPro\u201d versions offered outside official channels
\nUse an up-to-date, real-time\u00a0anti-malware solution<\/a>\u00a0with a web protection component.<\/p>\n