Hackers Use PlugX-Like DLL Sideloading Chain in Fake Claude Malware Campaign

Cyber Security News · By Tushar Subhra Dutta · May 11, 2026

Cybercriminals are getting creative with how they lure victims into downloading malware, and a new campaign involving a fake version of Anthropic’s Claude AI assistant is raising serious concerns. Attackers set up a convincing lookalike website to distribute a dangerous installer that quietly plants a backdoor on infected systems. The campaign uses a chain of techniques that, until recently, had mostly been seen in state-linked espionage operations.

The fake site, hosted at claude-pro[.]com, closely mirrors the look and feel of the real Claude website, using similar fonts and color schemes. Visitors are offered a download called “Claude-Pro Relay,” packaged as a large ZIP archive containing a full Windows installer. Once run, that installer silently drops three malicious files into the user’s Startup folder, ensuring they all execute automatically every time the system boots.

[Figure: The claude-pro[.]com front page (Source – Sophos)]

Researchers from Sophos X-Ops identified the campaign after investigating reports of the fake Claude website actively distributing malware. While the attack chain initially looked like a classic PlugX operation, a closer look revealed something unexpected beneath the surface. The team uncovered a previously undocumented backdoor they have named “Beagle,” alongside a first-stage loader known as DonutLoader.

The campaign appears to be spreading through malvertising, where attackers pay to place malicious links in search engine ads and sponsored results. Unsuspecting users searching for the Claude AI tool could easily land on the fake site without realizing anything is wrong. The threat actors may also have used SEO poisoning to further boost the site’s visibility in organic search results.
Hackers Use PlugX-Like DLL Sideloading Chain

What makes this campaign especially notable is how it blends older, well-documented attack methods with a freshly crafted payload. The reuse of a shared XOR key across multiple samples from earlier in 2026 suggests this is not a one-off effort. Related samples show different payloads and infection chains, pointing to ongoing development spread over several months.

[Figure: A website that may be linked to the threat actor behind claude-pro[.]com (Source – Sophos)]

The infection begins once the user runs the Claude.msi installer, which drops three files: NOVupdate.exe, NOVupdate.exe.dat, and avk.dll. NOVupdate.exe is a legitimate, signed updater from G DATA antivirus, but the attackers replace the real avk.dll with a malicious version, tricking the trusted executable into loading it. This technique, known as DLL sideloading, has been a hallmark of PlugX campaigns for over a decade.

The malicious DLL decrypts the payload hidden inside NOVupdate.exe.dat using a hardcoded XOR key and runs the result entirely in memory. Because the decrypted payload is never written to disk, this approach makes detection much harder for traditional file-scanning security tools. The decrypted content is DonutLoader shellcode, an open-source loader previously linked to sophisticated attacks on government organizations.

This combination of a signed legitimate binary, a sideloaded malicious DLL, and an encrypted data file closely mirrors known PlugX attack setups. Despite the nearly identical structure, however, the final payload here is not PlugX; it is a different and newly identified threat.

Beagle Backdoor and C2 Infrastructure

Once DonutLoader executes, it delivers the final payload: the Beagle backdoor. Beagle connects to a command-and-control server at license[.]claude-pro[.]com (IP: 8.217.190.58) over TCP port 443 and UDP port 8080, using a hardcoded AES key to encrypt all traffic.
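The article's own remediation advice is to check the Startup folders for the three dropped files. The following script is an added example (not code from Sophos or Cyber Security News) that does exactly that: it reports which members of the host-EXE + sideloaded-DLL + encrypted-blob triad are present, hashes them, and applies the published repeating XOR key to NOVupdate.exe.dat so an analyst can hash and size the hidden first stage without executing anything. The function names and the constructed stand-in files used by `demo()` are this example's own; the file names and XOR key are taken from the article's IoC list.

```python
"""Startup-folder triage for the PlugX-style sideloading triad.

Added example, not code from Sophos or Cyber Security News. It looks for the
three dropped file names the article lists, hashes whatever it finds, and
XOR-decodes NOVupdate.exe.dat with the published key so an analyst can hash the
decoded stage and hand it to analysis tooling. Function names are this
example's own.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

# File names and XOR key exactly as given in the article's IoC list.
TRIAD = ("NOVupdate.exe", "avk.dll", "NOVupdate.exe.dat")
XOR_KEY = b"SGkGHumNrDbt1OEHV3y2dVh5bQby2R"


def windows_startup_folders() -> List[Path]:
    """Per-user and all-users Startup folders; empty on non-Windows hosts."""
    candidates = []
    if os.environ.get("APPDATA"):
        candidates.append(Path(os.environ["APPDATA"], "Microsoft", "Windows",
                               "Start Menu", "Programs", "Startup"))
    if os.environ.get("ProgramData"):
        candidates.append(Path(os.environ["ProgramData"], "Microsoft", "Windows",
                               "Start Menu", "Programs", "StartUp"))
    return [p for p in candidates if p.is_dir()]


def xor_decode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key returns the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def triage_folder(folder: Path) -> Dict:
    """Report which triad members are present and whether the full loader chain
    (signed host EXE + sideloaded DLL + encrypted blob) sits in this folder."""
    present = {n: hashlib.sha256((folder / n).read_bytes()).hexdigest()
               for n in TRIAD if (folder / n).is_file()}
    report = {
        "folder": str(folder),
        "present": sorted(present),
        "missing": sorted(set(TRIAD) - set(present)),
        "sha256": present,
        "complete_chain": len(present) == len(TRIAD),
    }
    dat = folder / "NOVupdate.exe.dat"
    if dat.is_file():
        # Decode only to hash and size the hidden stage; the bytes are never executed.
        decoded = xor_decode(dat.read_bytes(), XOR_KEY)
        report["decoded_dat_size"] = len(decoded)
        report["decoded_dat_sha256"] = hashlib.sha256(decoded).hexdigest()
    return report


def build_constructed_sample(folder: Path, names: Iterable[str] = TRIAD) -> None:
    """Write harmless stand-ins (constructed, not real samples) for the named files."""
    marker = b"constructed test blob, not shellcode"
    stand_ins = {
        "NOVupdate.exe": b"MZ constructed placeholder exe",
        "avk.dll": b"MZ constructed placeholder dll",
        "NOVupdate.exe.dat": xor_decode(marker, XOR_KEY),  # encoded as the loader expects
    }
    for n in names:
        (folder / n).write_bytes(stand_ins[n])


def demo(names: Iterable[str] = TRIAD) -> Dict:
    """Run the triage against a constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        build_constructed_sample(folder, names)
        return triage_folder(folder)


if __name__ == "__main__":
    for startup in windows_startup_folders():
        print(triage_folder(startup))
    print(demo())
```

Run it on a Windows host to scan the real Startup folders; on any other platform it only exercises the constructed sample. Finding NOVupdate.exe alone is not conclusive, since it is a genuine G DATA binary; the `complete_chain` flag, and in particular the presence of a .dat file that decodes under the published key, is what distinguishes this campaign's dropper from a legitimate install.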
Through this connection, an attacker can upload and download files, run commands, manage directories, and maintain persistent access on the compromised machine.

[Figure: C2 communications over TCP (Source – Sophos)]

Sophos researchers also found related samples on VirusTotal dating back to February 2026. One variant used a Microsoft Defender utility as the trusted host binary, while a March 2026 sample led to the deployment of AdaptixC2, an open-source red team framework tied to ransomware activity. These findings suggest the underlying infrastructure may be serving multiple campaigns or threat actors simultaneously.

To stay protected, users should only download Claude from the official Anthropic website and avoid clicking on sponsored search result links. Checking the Startup folders for the files NOVupdate.exe, avk.dll, and NOVupdate.exe.dat is a practical first step for anyone who may have visited the fake site. Monitoring outbound connections to claude-pro[.]com and license[.]claude-pro[.]com is also strongly advised.
Indicators of Compromise (IoCs)

| Type | Indicator | Description |
| --- | --- | --- |
| Domain | claude-pro[.]com | Fake Claude AI website used for malware distribution |
| Domain | license[.]claude-pro[.]com | Command-and-control (C2) server domain |
| IP address | 209.189.190.206 | Possible hosting server (Cloudflare origin, set up March 2026) |
| IP address | 178.128.108.89 | Second linked hosting server |
| Domain | vertextrust-advisors[.]com | Domain linked to a secondary hosting server associated with the threat actor |
| IP address | 8.217.190.58 | IP address associated with C2 domain license[.]claude-pro[.]com |
| File name | Claude-Pro-windows-x64.zip | Malicious ZIP archive (~505 MB) distributed via the fake site |
| File name | Claude.msi | Windows installer contained within the malicious ZIP archive |
| File name | NOVupdate.exe | Legitimate G DATA signed executable used in DLL sideloading |
| File name | avk.dll | Malicious DLL sideloaded in place of the legitimate G DATA DLL |
| File name | NOVupdate.exe.dat | Encrypted data file containing the DonutLoader shellcode payload |
| Encryption key (XOR) | SGkGHumNrDbt1OEHV3y2dVh5bQby2R | XOR key used to decrypt the first-stage shellcode |
| Encryption key (AES) | beagle_default_secret_key_12345! | Hardcoded AES key used by the Beagle backdoor for C2 communications |
| Domain | gouvvbo[.]top | C2 server used by the March 2026 variant sample |
| Domain | update-treix[.]com | C2 domain used by the GoddTV.msi sample |
| Domain | update-crowdstrike[.]com | Domain hosted on the same IP as update-treix[.]com (192.252.186.62) |
| Domain | update-sentinelone[.]com | Domain hosted on the same IP as update-treix[.]com (192.252.186.62) |
| IP address | 192.252.186.62 | Shared IP hosting update-treix[.]com and thematically linked domains |
| File name | MpCopyAccelerator.exe | Legitimate Microsoft Defender utility used in the February 2026 variant |
| File name | MpClient.dll | Malicious sideloaded DLL in the February 2026 variant |

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking.
Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
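The article recommends monitoring outbound connections to the campaign domains and publishes the C2 ports, and its IoC note asks that indicators be re-fanged only inside detection tooling. The script below is an added example (not code from Sophos or Cyber Security News) that does both: it re-fangs the table's domains, matches them and the listed IPs against DNS, proxy and flow records, and raises the severity when a flow hits the exact Beagle C2 IP/protocol/port pair. The three log layouts, the sample log lines, the client addresses and the function names are constructed for this example; only the indicators and ports come from the article.

```python
"""Match the article's network IoCs against DNS, proxy and flow logs.

Added example, not code from Sophos or Cyber Security News. The indicators are
the defanged values from the IoC table; the log formats and log lines below are
constructed for this example, and function names are this example's own.
"""
import re
from typing import Dict, Iterable, List, Optional

DEFANGED_DOMAINS = [
    "claude-pro[.]com", "license[.]claude-pro[.]com", "vertextrust-advisors[.]com",
    "gouvvbo[.]top", "update-treix[.]com", "update-crowdstrike[.]com",
    "update-sentinelone[.]com",
]
WATCHED_IPS = {"8.217.190.58", "209.189.190.206", "178.128.108.89", "192.252.186.62"}
# Beagle C2 endpoints from the article: TCP 443 and UDP 8080 to the C2 IP.
C2_ENDPOINTS = {("8.217.190.58", "tcp", 443), ("8.217.190.58", "udp", 8080)}


def refang(indicator: str) -> str:
    """Undo common defanging ('[.]', '(.)', 'hxxp') so the value can be compared
    with what logs actually record. Do this only inside detection tooling."""
    value = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return value.lower()


# Longest names first so license.claude-pro.com is reported over its parent domain.
WATCHED_DOMAINS = sorted({refang(d) for d in DEFANGED_DOMAINS}, key=len, reverse=True)


def domain_matches(name: str) -> Optional[str]:
    """Exact or subdomain match; a lookalike such as notclaude-pro.com must not match."""
    name = name.lower().rstrip(".")
    for watched in WATCHED_DOMAINS:
        if name == watched or name.endswith("." + watched):
            return watched
    return None


def host_from_url(url: str) -> str:
    return re.sub(r"^\w+://", "", url).split("/")[0].split(":")[0]


def match_line(line: str) -> Optional[Dict]:
    """Constructed line layouts:
         <ts> dns   <client> <qname>
         <ts> proxy <client> <method> <url>
         <ts> flow  <src> <dst> <proto> <dport>
    Returns a hit record or None."""
    parts = line.split()
    if len(parts) < 4:
        return None
    ts, kind, client = parts[0], parts[1], parts[2]
    if kind == "dns":
        hit = domain_matches(parts[3])
        if hit:
            return {"ts": ts, "source": "dns", "client": client, "indicator": hit, "severity": "medium"}
    elif kind == "proxy" and len(parts) >= 5:
        hit = domain_matches(host_from_url(parts[4]))
        if hit:
            return {"ts": ts, "source": "proxy", "client": client, "indicator": hit, "severity": "medium"}
    elif kind == "flow" and len(parts) >= 6 and parts[5].isdigit():
        dst, proto, dport = parts[3], parts[4].lower(), int(parts[5])
        if dst in WATCHED_IPS:
            # The known C2 IP on the exact Beagle protocol/port pair is the strongest signal.
            sev = "high" if (dst, proto, dport) in C2_ENDPOINTS else "medium"
            return {"ts": ts, "source": "flow", "client": client, "indicator": dst,
                    "proto": proto, "dport": dport, "severity": sev}
    return None


def scan(lines: Iterable[str]) -> List[Dict]:
    return [hit for hit in (match_line(line) for line in lines) if hit]


# Constructed sample log; the clients, timestamps and the benign claude.ai lookup are invented.
SAMPLE_LOG = """\
2026-05-11T09:14:02Z dns 10.0.0.15 claude-pro.com
2026-05-11T09:14:05Z proxy 10.0.0.15 GET https://claude-pro.com/download/Claude-Pro-windows-x64.zip
2026-05-11T09:20:11Z dns 10.0.0.15 license.claude-pro.com
2026-05-11T09:20:12Z flow 10.0.0.15 8.217.190.58 tcp 443
2026-05-11T09:20:13Z flow 10.0.0.15 8.217.190.58 udp 8080
2026-05-11T09:21:00Z dns 10.0.0.22 claude.ai
2026-05-11T09:22:00Z flow 10.0.0.22 192.252.186.62 tcp 80
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

The severity split reflects the article: the shared hosting IPs and the lookalike domains are worth an alert on their own, but a flow to 8.217.190.58 on TCP 443 or UDP 8080 is the specific Beagle C2 pattern and deserves immediate triage of the client. Adapt `match_line` to your own log schema; the matching helpers are independent of it.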