Introduction to Beagle Windows Malware
A recently discovered fake version of the Claude AI website offers a malicious download called Claude-Pro Relay, which installs a previously undocumented backdoor for Windows named Beagle. This threat actor advertises Claude-Pro as a high-performance relay service designed specifically for Claude-Code developers.
The fake website mimics the legitimate site for the popular Claude large language model (LLM) and AI assistant, using similar colors and fonts. However, the facade falls apart when it comes to links, as they are mere redirects to the front page, according to researchers at cybersecurity company Sophos.
Malicious Download and Installation
Users landing on the fake website can only click on a large download button for the malicious resource, a 505MB archive named 'Claude-Pro-windows-x64.zip' that contains an MSI installer allegedly for the Claude-Pro Relay product. Running the installer adds three files to the Startup folder: NOVupdate.exe, NOVupdate.exe.dat, and avk.dll.
The campaign was initially discovered by Malwarebytes, whose researchers say that the 'Pro' installer is a trojanized copy of Claude that works as expected but deploys a PlugX malware chain in the background, giving attackers remote access to the system.
Beagle Backdoor Analysis
Looking closer at the campaign, Sophos found that the first-stage payload was DonutLoader, which fetched a relatively simple backdoor that the researchers call Beagle. Beagle supports a limited set of commands: uninstall, execute command, upload file, download file, create directory, rename file, list directory contents, and remove directory.
It is worth noting that the Beagle backdoor is distinct from the Delphi-based Beagle/Bagle worm documented in 2004.
Technical Details and Attribution
According to the researchers, NOVupdate.exe is a signed updater for G Data security solutions that the attacker uses to sideload the malicious avk.dll alongside the encrypted NOVupdate.exe.dat file. Sophos notes that sideloading the AVK DLL and an encrypted file via a G Data signed executable has been linked to PlugX activity in the past.
The role of the DLL is to decrypt and execute in memory the payload inside NOVupdate.exe.dat, which is the open-source in-memory injector DonutLoader. Donut deploys the final payload, the Beagle backdoor, into the system memory to evade detection.
The backdoor communicates with the command-and-control (C2) at ‘license[.]claude-pro[.]com’ using TCP over port 443 and/or UDP over port 8080, while a hardcoded AES key protects the exchanges. The C2 is hosted at 8.217.190[.]58, an IP address that Malwarebytes researchers say is in the range associated with the Alibaba-Cloud service.
Mitigation and Conclusion
To mitigate this risk, users should ensure they are downloading Claude from the official portal and skip or hide sponsored search results. The presence of ‘NOVupdate’ files on a system is a strong indication of compromise.
Although Sophos was unable to confidently attribute the campaign to a threat actor, the researchers suggest that the same operators behind PlugX might be experimenting with a new payload.
- Ensure downloading Claude from the official portal
- Skip or hide sponsored search results
- Monitor for ‘NOVupdate’ files on the system
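The following triage script is an added example, not code from the article or from Sophos or Malwarebytes. It checks both Startup folders for the NOVupdate.exe / avk.dll / NOVupdate.exe.dat sideloading triad, records each file's Authenticode signer for the analyst, and looks for live TCP connections to the C2 address; the file names and IP are taken from the article, while the folder choice and output layout are this example's own assumptions.

```powershell
# Added example, not code from the article or from Sophos/Malwarebytes.
# Triage check for the sideloading chain described above: a signed NOVupdate.exe
# next to avk.dll and NOVupdate.exe.dat in a Startup folder, plus any live TCP
# connection to the C2 address. File names and the IP come from the article;
# everything else (folder choice, output shape) is this example's assumption.

$suspectNames = @('NOVupdate.exe', 'NOVupdate.exe.dat', 'avk.dll')
$c2Address    = '8.217.190.58'   # written 8.217.190[.]58 (defanged) in the article

# Persistence is in the Startup folder; check both the per-user and all-users copies.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $suspectNames -contains $_.Name } |
        ForEach-Object {
            $signer = 'n/a'
            if ($_.Extension -in @('.exe', '.dll')) {
                # The lure relies on NOVupdate.exe carrying a valid vendor signature
                # while the co-located avk.dll does not; record both for the analyst.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "<none: $($sig.Status)>" }
            }
            [pscustomobject]@{ Path = $_.FullName; Bytes = $_.Length; Signer = $signer }
        }
}

if ($findings) {
    Write-Host "Suspect artifacts found in Startup folders:"
    $findings | Format-Table -AutoSize
    $names = $findings | ForEach-Object { Split-Path -Leaf $_.Path } | Sort-Object -Unique
    if (@($names).Count -eq $suspectNames.Count) {
        Write-Warning "Full NOVupdate.exe / avk.dll / NOVupdate.exe.dat triad present: treat host as compromised."
    }
} else {
    Write-Host "No NOVupdate/avk.dll artifacts in Startup folders."
}

# Beagle talks to the C2 over TCP/443 (and UDP/8080; Get-NetUDPEndpoint exposes no
# remote address, so only the TCP side is checked here).
$c2Conns = Get-NetTCPConnection -RemoteAddress $c2Address -ErrorAction SilentlyContinue
if ($c2Conns) {
    Write-Warning "Live TCP connection(s) to ${c2Address}:"
    $c2Conns | Select-Object LocalAddress, LocalPort, RemotePort, State, OwningProcess | Format-Table -AutoSize
} else {
    Write-Host "No established TCP connections to ${c2Address}."
}
```

Run it in an elevated PowerShell session so that the all-users Startup folder and every process's connections are visible.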
Source: BleepingComputer