Detailed Analysis
A sophisticated malware campaign exploiting the popularity of Anthropic's Claude AI assistant has been discovered targeting Windows users through a fraudulent website designed to mimic Claude's official domain. The attack delivers PlugX, a well-documented remote access trojan, by tricking users into downloading what is presented as a "pro version" installer packaged in a ZIP archive. Once extracted and executed, the MSI installer launches the legitimate Claude application as a decoy while simultaneously deploying three malicious files — a signed G DATA executable (`NOVUpdate.exe`), a trojanized DLL (`avk.dll`), and an encrypted payload file — into the Windows Startup folder, ensuring persistence across system reboots.
The attack relies on DLL sideloading to evade detection. By hijacking a legitimately signed third-party binary (the G DATA updater), the malware causes the trusted executable to load the malicious DLL, which in turn decrypts and executes the hidden PlugX payload. This three-part structure — signed binary, malicious DLL, encrypted data — is a hallmark of the PlugX family and is specifically designed to bypass security tools that rely on code-signing validation or behavioral heuristics. The malware then establishes outbound HTTPS communication on port 443 to a command-and-control server, a port choice that blends with normal web traffic and further complicates network-level detection. Registry modifications to TCP/IP-related keys reinforce the malware's foothold on compromised systems.
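The three-file layout described above can be hunted for directly, since a Startup folder normally holds only shortcuts. The following is an added example, not code from the original article: it flags any directory that holds an EXE, a DLL and a high-entropy non-PE file together. The entropy threshold and the `payload.dat` name used in testing are assumptions.

```python
import math
import os
import sys
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # assumed cut-off; encrypted/compressed data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(path: str) -> str:
    """Return 'exe', 'dll', 'blob' (high-entropy non-PE) or 'other'."""
    with open(path, "rb") as fh:
        head = fh.read(1024 * 1024)  # first 1 MiB is enough for triage
    ext = os.path.splitext(path)[1].lower()
    if head[:2] == b"MZ":  # PE magic; EXE vs DLL is told apart by extension here
        return "dll" if ext == ".dll" else "exe" if ext == ".exe" else "other"
    if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "blob"
    return "other"


def find_sideload_triads(root: str) -> list:
    """Directories under root holding an EXE, a DLL and an opaque blob together."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        kinds = {"exe": [], "dll": [], "blob": []}
        for name in files:
            try:
                kind = classify(os.path.join(dirpath, name))
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the sweep
            if kind in kinds:
                kinds[kind].append(name)
        if all(kinds.values()):  # all three roles present in the same directory
            hits.append({"dir": dirpath, **kinds})
    return hits


if __name__ == "__main__":
    # Default: the current user's Startup folder, where only shortcuts are expected.
    default = os.path.expandvars(r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup")
    for hit in find_sideload_triads(sys.argv[1] if len(sys.argv) > 1 else default):
        print(hit)
```

A hit is a triage lead rather than a verdict: compressed archives also score as high-entropy, so confirm by checking the executable's signer and whether the DLL beside it is signed by the same vendor.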
PlugX carries significant historical weight in the cybersecurity threat landscape. First observed in espionage campaigns as early as 2008, it has long been associated with Chinese state-linked threat actors, though the broader circulation of its source code on underground forums has expanded the potential operator pool well beyond any single nation-state actor. Its capabilities — which can include keylogging, credential theft, and remote system control — make it a potent tool for both espionage and financially motivated cybercrime. The use of PlugX in this campaign, regardless of attribution, suggests a technically capable operator with access to mature tradecraft.
The broader significance of this campaign lies in the deliberate exploitation of AI brand trust as a social engineering vector. As Claude and other large language model interfaces have rapidly expanded their user bases, they have simultaneously become attractive lures for threat actors who count on user enthusiasm to override caution. The promise of a "pro version" of a widely used AI tool is a textbook pretexting technique that lowers the psychological barrier to downloading and executing unfamiliar software. This pattern mirrors earlier campaigns that weaponized the brands of ChatGPT and other AI tools, indicating an established and growing playbook among cybercriminals who target interest in AI tools. Security researchers advise users to download Claude exclusively from the official source at claude.com/download and to treat any link in emails, advertisements, or third-party sites offering premium AI software with extreme skepticism, particularly when those links bypass official distribution channels.