Attackers Exploit Claude's Popularity to Spread PlugX Malware
A malicious website masquerading as an official Anthropic Claude domain has been caught delivering a remote access trojan (RAT) to unsuspecting visitors, according to a report by Malwarebytes. The campaign capitalizes on the surging mainstream interest in AI tools, luring users with the promise of a premium version of the popular Claude large language model.
The deceptive site hosts a download link pointing to a ZIP archive that purports to contain a professional edition of Claude. Inside the archive is an MSI installer carefully crafted to mimic Anthropic's legitimate installation process — and it even installs the genuine Claude application to avoid raising suspicion.
A Deceptive Installation Chain
The infection sequence is deliberately designed to appear routine. When a user launches the Claude application through the Desktop shortcut created during installation, a VBScript dropper activates quietly in the background. While the real Claude application opens in the foreground — giving users no visible reason for concern — the dropper simultaneously installs malware without any indication to the victim.
Malwarebytes explains that the VBScript deposits three files into the system's startup folder. One of the most significant is NOVUpdate.exe, a legitimate and digitally signed updater belonging to G DATA antivirus software. The attackers abuse this trusted binary through a technique known as DLL sideloading, using it to execute a variant of the PlugX malware.
PlugX: A Long-Running Espionage Tool
PlugX is a well-documented remote access trojan that has featured in numerous cyber-espionage campaigns over the course of nearly a decade. While it has historically been associated with Chinese state-sponsored threat groups, its source code has been circulated among a broader set of threat actors, making definitive attribution increasingly difficult.
Within seconds of being dropped onto the infected system, NOVUpdate.exe establishes a TCP connection to command-and-control (C&C) infrastructure hosted on Alibaba Cloud, allowing the operators to remotely access and control the compromised machine.
Designed to Evade Detection
The threat actors took deliberate steps to minimize forensic traces and avoid alerting the victim. As Malwarebytes notes:
"The script also wraps the entire malicious payload section in an On Error Resume Next statement, silently swallowing any errors so that failures in the deployment do not produce visible error dialogs that might alert the victim."
Beyond error suppression, the initial VBScript also writes a batch file designed to delete both itself and the script after execution, erasing evidence of the infection's early stages. Once the attack completes its setup, the only artifacts that persist on the compromised system are the sideloading files placed in the startup folder and the running NOVUpdate.exe process.
Broader Campaign Context
This is not the first time this particular infection chain has been observed in the wild. Malwarebytes notes that a similar approach was documented in February, when a phishing campaign leveraging fake meeting invitations was used to deliver PlugX malware to targeted recipients.
The current campaign represents a more socially engineered variation, exploiting the cultural momentum around artificial intelligence to trick users into voluntarily running a trojanized installer. As Malwarebytes summarizes:
"What is clear is that the operators behind this campaign have combined a proven sideloading technique with a timely social engineering lure — exploiting the surging popularity of AI tools to trick users into running a trojanized installer."
Key Indicators and Takeaways
- The malicious site impersonates a legitimate Anthropic Claude domain and offers a fake "pro version" download.
- The ZIP archive contains an MSI installer that installs the real Claude application as a decoy.
- A VBScript dropper executes malware silently in the background while Claude opens normally.
- Three files are dropped into the startup folder, including the signed NOVUpdate.exe G DATA binary.
- DLL sideloading via NOVUpdate.exe executes a PlugX RAT variant.
- C&C communications are routed through infrastructure hosted on Alibaba Cloud.
- The script uses On Error Resume Next to suppress error dialogs and avoid detection.
- A self-deleting batch file removes initial infection artifacts to hinder forensic investigation.
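As an added illustration, not code from the SecurityWeek or Malwarebytes report, the Python below triages a Windows Startup-folder listing for the pattern described above: a signed vendor executable sitting next to an unsigned DLL and a data blob, plus script droppers, in a location that should only hold shortcuts. The listing is constructed; NOVUpdate.exe is the only name taken from the report, and the DLL, data-file and signer strings are placeholders.

```python
from pathlib import PureWindowsPath

SHORTCUT_EXTS = {".lnk", ".url", ".ini"}       # all a Startup folder normally holds
PE_EXTS = {".exe", ".dll"}
SCRIPT_EXTS = {".vbs", ".bat", ".cmd", ".ps1"}

# Constructed listing of a user's Startup folder after the chain described above.
# Only NOVUpdate.exe is named in the report; the other names and the signer
# string are placeholders, not real indicators.
SAMPLE_LISTING = [
    {"name": "OneDrive.lnk", "signed": False, "signer": None},
    {"name": "NOVUpdate.exe", "signed": True, "signer": "G DATA (placeholder signer)"},
    {"name": "sideload_placeholder.dll", "signed": False, "signer": None},
    {"name": "payload_placeholder.dat", "signed": False, "signer": None},
    {"name": "launch_placeholder.vbs", "signed": False, "signer": None},
]


def triage_startup_folder(listing):
    """Return (severity, message) findings for one Startup-folder listing."""
    findings, by_ext = [], {}
    for entry in listing:
        ext = PureWindowsPath(entry["name"]).suffix.lower()
        by_ext.setdefault(ext, []).append(entry)
        if ext in SHORTCUT_EXTS:
            continue                      # shortcuts are expected here
        kind = "script" if ext in SCRIPT_EXTS else "PE file" if ext in PE_EXTS else "data file"
        findings.append(("medium", f"{kind} in Startup folder: {entry['name']}"))

    # Sideloading layout: a signed EXE beside an unsigned DLL. The vendor's
    # signature says nothing about the neighbouring DLL; a third non-PE file
    # alongside them matches the classic encrypted-payload arrangement.
    for exe in by_ext.get(".exe", []):
        unsigned_dlls = [d["name"] for d in by_ext.get(".dll", []) if not d["signed"]]
        if exe["signed"] and unsigned_dlls:
            blobs = [e["name"] for ext, es in by_ext.items() for e in es
                     if ext not in SHORTCUT_EXTS | PE_EXTS | SCRIPT_EXTS]
            msg = (f"signed {exe['name']} ({exe['signer']}) co-located with unsigned "
                   f"{unsigned_dlls}" + (f" and data file(s) {blobs}" if blobs else "")
                   + ": DLL sideloading candidate")
            findings.append(("high", msg))
    return findings


def highest_severity(findings):
    """Collapse findings to one level for alerting: 'high', 'medium' or 'none'."""
    if any(sev == "high" for sev, _ in findings):
        return "high"
    return "medium" if findings else "none"
```

On a live host the listing would come from both the per-user and the all-users Startup folders, with the signed flag taken from Authenticode verification of each PE.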
Attribution Challenges
While PlugX's historical roots lie with Chinese espionage actors, the wide sharing of its source code means researchers cannot reliably pin this campaign to any specific group. The combination of a legitimate signed binary, DLL sideloading, and a culturally timely AI-themed lure reflects a sophisticated and adaptable threat actor capable of evolving its tactics to suit current events.
Users are advised to download AI tools and software exclusively from verified, official sources, and to treat unsolicited links or third-party download portals with extreme caution — particularly those advertising premium or unlocked versions of popular applications.
Source: SecurityWeek