Malwarebytes researcher Stefan Dasic spotted a fake website impersonating Anthropic's Claude that serves a trojanized installer. The site pushes a "Pro" version download. Here's the trick: the installer actually works. It installs and runs the real Claude app. But while Claude opens on your screen, the installer quietly drops PlugX malware in the background, giving attackers remote access to your machine.

Three files get copied to your Windows Startup folder: a legitimately signed G DATA antivirus updater (NOVUpdate.exe), a malicious DLL (avk.dll), and an encrypted data file. When NOVUpdate.exe runs, it loads the attacker's DLL instead of the real G DATA component. That's a textbook DLL sideloading attack, tracked as MITRE T1574.002. Sandbox testing showed the malware phoning home to its command-and-control server within 22 seconds. The dropper then deletes itself, leaving almost no trace.

PlugX is serious software. This remote access trojan has been tied to state-aligned espionage operators since at least 2008, though its source code has since circulated in underground forums. Claude pulls nearly 290 million monthly web visits, which makes a high-profile model like the Claude Mythos AI model a convincing lure. The fake domain showed active maintenance too, with operators rotating between the bulk-email providers Kingmailer and CampaignLark to stay operational. The installer path has a tell: it spells "Cluade" instead of "Claude." One transposed letter. That's all that separates a working AI chatbot from a state-grade spy tool running on your machine.
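The three observable traits this write-up describes (a signed EXE plus a DLL dropped together into the Startup folder, that EXE loading an unsigned DLL from the same directory, and a near-miss brand spelling in the installer path) can each be turned into a triage rule. The following is an added example, not code from Malwarebytes or the original post: a small Python script that runs those rules over constructed endpoint telemetry loosely modelled on Sysmon FileCreate (ID 11) and ImageLoad (ID 7) fields. The user profile path, the `payload.dat` name for the encrypted data file (the page does not name it), the `Program Files\GDATA` benign-control path and the installer filename are all assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Hypothetical Startup folder for a user "u" (constructed, not from the write-up).
STARTUP = r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
STARTUP_MARKER = r"\start menu\programs\startup"
BRANDS = ["claude"]  # product names to watch for look-alike spellings

# Constructed sample telemetry, loosely modelled on Sysmon FileCreate (ID 11)
# and ImageLoad (ID 7) fields. Only NOVUpdate.exe and avk.dll come from the
# write-up; the installer name and the .dat name are placeholders.
INSTALLER = r"C:\Users\u\Downloads\Cluade-Pro-Setup.exe"
EVENTS = [
    {"id": 11, "ts": 0, "Image": INSTALLER, "TargetFilename": STARTUP + r"\NOVUpdate.exe"},
    {"id": 11, "ts": 1, "Image": INSTALLER, "TargetFilename": STARTUP + r"\avk.dll"},
    {"id": 11, "ts": 1, "Image": INSTALLER, "TargetFilename": STARTUP + r"\payload.dat"},
    {"id": 7, "ts": 20, "Image": STARTUP + r"\NOVUpdate.exe",
     "ImageLoaded": STARTUP + r"\avk.dll", "Signed": "false"},
    # Benign noise: the updater loading its DLL from a hypothetical install
    # directory, and a user dropping a shortcut into Startup by hand.
    {"id": 7, "ts": 30, "Image": r"C:\Program Files\GDATA\NOVUpdate.exe",
     "ImageLoaded": r"C:\Program Files\GDATA\avk.dll", "Signed": "true"},
    {"id": 11, "ts": 40, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": STARTUP + r"\notes.lnk"},
]


def in_startup(path):
    """True when the path sits inside a Start Menu Startup folder (case-insensitive)."""
    return STARTUP_MARKER in path.lower()


def find_startup_drops(events, window=60):
    """Flag a process that writes both an .exe and a .dll into Startup within `window` seconds."""
    by_proc = defaultdict(list)
    for e in events:
        if e["id"] == 11 and in_startup(e["TargetFilename"]):
            by_proc[e["Image"]].append(e)
    hits = []
    for proc, writes in by_proc.items():
        exts = {ntpath.splitext(w["TargetFilename"])[1].lower() for w in writes}
        stamps = [w["ts"] for w in writes]
        if {".exe", ".dll"} <= exts and max(stamps) - min(stamps) <= window:
            hits.append({"rule": "startup_exe_dll_drop", "process": proc,
                         "files": sorted(ntpath.basename(w["TargetFilename"]) for w in writes)})
    return hits


def find_sideloads(events):
    """Flag an image running from Startup that loads an unsigned DLL from its own directory."""
    hits = []
    for e in events:
        if e["id"] != 7:
            continue
        loader, lib = e["Image"], e["ImageLoaded"]
        same_dir = ntpath.dirname(loader).lower() == ntpath.dirname(lib).lower()
        if in_startup(loader) and same_dir and e.get("Signed", "").lower() == "false":
            hits.append({"rule": "startup_sideload", "loader": ntpath.basename(loader),
                         "dll": ntpath.basename(lib)})
    return hits


def find_brand_typos(events):
    """Return (token, path) pairs where a path token is an anagram of a watched brand but not the brand."""
    targets = {"".join(sorted(b)): b for b in BRANDS}
    found = set()
    for e in events:
        for path in (e.get("Image", ""), e.get("TargetFilename", ""), e.get("ImageLoaded", "")):
            for tok in re.findall(r"[a-z]+", path.lower()):
                brand = targets.get("".join(sorted(tok)))
                if brand and tok != brand:
                    found.add((tok, path))
    return sorted(found)


def analyze(events):
    """Run all three rules and return the combined list of findings."""
    return find_startup_drops(events) + find_sideloads(events) + [
        {"rule": "brand_typo", "token": t, "path": p} for t, p in find_brand_typos(events)]


if __name__ == "__main__":
    for hit in analyze(EVENTS):
        print(hit)
```

The anagram test is deliberately narrow: it catches exactly the transposition the write-up describes ("Cluade") without flagging every path that merely contains a brand name, and the benign Program Files load is left alone because the loader is not running from a user-writable Startup folder. On real telemetry, the `Signed` field alone is a weak signal; pairing it with the Startup-folder location and the same-directory load is what makes the rule specific.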