

Windows Beagle backdoor deployed via trojanized Claude AI relay installer

1 unique source, 1 article

Summary


A malicious installer masquerading as the "Claude-Pro Relay" for the popular Claude AI platform delivers a previously undocumented Windows backdoor named Beagle via a multi-stage malware chain leveraging DonutLoader and PlugX techniques. The campaign targets users searching for AI development tools by impersonating the official Claude website at a lookalike domain (claude-pro[.]com), where a 505MB ZIP archive named 'Claude-Pro-windows-x64.zip' pretends to be a legitimate MSI installer. Execution results in persistence via three files added to the Windows Startup folder and final in-memory deployment of the Beagle backdoor, which communicates with a command-and-control server over ports 443 (TCP) and 8080 (UDP) using AES encryption.

Timeline

  1. 07.05.2026 13:02 · 1 article · 1h ago

    Windows Beagle backdoor delivered via trojanized Claude AI installer

    Trojanized installer for a fake "Claude-Pro Relay" distributed via a lookalike domain delivers a new in-memory backdoor named Beagle using DonutLoader. The installer leverages a signed G Data updater to sideload a malicious DLL and encrypted payload, establishing persistence and enabling remote command execution. The backdoor communicates with a C2 server over ports 443/8080 using AES encryption and has been observed with multiple initial infection vectors between February and April 2026.


Information Snippets

  • The malicious installer (Claude-Pro-windows-x64.zip) contains a trojanized MSI installer that installs a signed G Data security updater (NOVupdate.exe) to sideload a malicious DLL (avk.dll) and encrypted payload (NOVupdate.exe.dat).

    First reported: 07.05.2026 13:02
    1 source, 1 article
  • The Beagle backdoor is deployed in memory via DonutLoader and provides attackers with remote control capabilities including file upload/download, command execution, directory manipulation, and uninstallation.

    First reported: 07.05.2026 13:02
    1 source, 1 article
  • The backdoor communicates with the C2 domain 'license[.]claude-pro[.]com', which resolves to IP 8.217.190[.]58 hosted on Alibaba Cloud; its traffic is encrypted with an AES key hardcoded in the sample.

    First reported: 07.05.2026 13:02
    1 source, 1 article
  • Additional Beagle samples observed between February and April 2026 used different initial infection vectors including decoy PDFs, Defender binary abuse, AdaptixC2 shellcode, and impersonation of multiple security vendor update sites.

    First reported: 07.05.2026 13:02
    1 source, 1 article
  • Campaign artifacts and sideloading technique (signed G Data executable loading avk.dll) align with previously documented PlugX activity, suggesting possible involvement or experimentation by PlugX-associated operators.

    First reported: 07.05.2026 13:02
    1 source, 1 article
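The three behaviours the snippets describe (a signed NOVupdate.exe sideloading avk.dll from a user-writable location, files dropped into the per-user Startup folder, and traffic to the reported C2 on 443/TCP or 8080/UDP) map directly onto telemetry most EDR or Sysmon deployments already collect. The triage script below is an added example written for this page; it is not code from the source report or from any vendor. It runs over constructed Sysmon-style event records embedded inline, and the only assumption it makes beyond the page's indicators is that a legitimate vendor updater runs from a Program Files directory (the "trusted directory" list is hypothetical and should be replaced with the paths seen in your own environment).

```python
"""Triage helper for the Beagle / "Claude-Pro Relay" campaign indicators.

Added example, not from the original report.  It walks constructed
Sysmon-style events (image_load, file_create, network_connect) and flags:
  - NOVupdate.exe loading avk.dll from outside a trusted install directory
  - executables, DLLs or .dat payloads created in the per-user Startup folder
  - connections to the reported C2 host/IP on 443/TCP or 8080/UDP
"""
from __future__ import annotations
import ntpath
from dataclasses import dataclass

# Indicators from the report (defanged brackets removed so they match telemetry).
C2_HOSTS = {"license.claude-pro.com", "claude-pro.com"}
C2_IP = "8.217.190.58"
C2_PORTS = {("tcp", 443), ("udp", 8080)}
SIDELOAD_HOST = "novupdate.exe"
SIDELOAD_DLL = "avk.dll"
STARTUP_EXTS = {".exe", ".dll", ".dat"}

# ASSUMPTION (hypothetical): where a signed vendor updater would normally live.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
# Per-user Startup folder lives under %APPDATA%; match on the stable suffix.
STARTUP_MARKER = "\\microsoft\\windows\\start menu\\programs\\startup\\"


@dataclass
class Finding:
    rule: str
    event_id: int
    detail: str


def _norm(path: str) -> str:
    """Normalise Windows paths for case-insensitive comparison."""
    return path.replace("/", "\\").lower()


def _base(path: str) -> str:
    return ntpath.basename(_norm(path))


def triage(events: list[dict]) -> list[Finding]:
    """Return one Finding per event that matches a campaign behaviour."""
    findings: list[Finding] = []
    for ev in events:
        kind = ev["type"]
        if kind == "image_load":
            # Sideload: the signed host binary loads avk.dll from somewhere
            # a normal install would never place it (Startup, Temp, AppData...).
            if (_base(ev["image"]) == SIDELOAD_HOST
                    and _base(ev["loaded"]) == SIDELOAD_DLL
                    and not _norm(ev["loaded"]).startswith(TRUSTED_DIRS)):
                findings.append(Finding("sideload_avk_dll", ev["id"], ev["loaded"]))
        elif kind == "file_create":
            target = _norm(ev["target"])
            ext = ntpath.splitext(target)[1]
            if STARTUP_MARKER in target and ext in STARTUP_EXTS:
                findings.append(Finding("startup_persistence", ev["id"], ev["target"]))
        elif kind == "network_connect":
            host = ev.get("host", "").lower().replace("[.]", ".")
            if ((host in C2_HOSTS or ev.get("dst_ip") == C2_IP)
                    and (ev["proto"], ev["port"]) in C2_PORTS):
                where = host or ev["dst_ip"]
                findings.append(Finding("beagle_c2", ev["id"],
                                        f"{where}:{ev['port']}/{ev['proto']}"))
        # Other event types are ignored by this rule set.
    return findings


# Constructed sample telemetry (not real logs): benign and malicious mixed.
_STARTUP = ("C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows"
            "\\Start Menu\\Programs\\Startup\\")
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create", "image": "C:\\Windows\\System32\\msiexec.exe"},
    # Legitimate load from the (assumed) vendor install directory: not flagged.
    {"id": 2, "type": "image_load", "image": "C:\\Program Files\\G DATA\\NOVupdate.exe",
     "loaded": "C:\\Program Files\\G DATA\\avk.dll"},
    # Sideload from the Startup folder, as the report describes: flagged.
    {"id": 3, "type": "image_load", "image": _STARTUP + "NOVupdate.exe",
     "loaded": _STARTUP + "avk.dll"},
    {"id": 4, "type": "file_create", "target": _STARTUP + "NOVupdate.exe.dat"},
    {"id": 5, "type": "file_create", "target": _STARTUP + "OneNote.lnk"},  # benign shortcut
    {"id": 6, "type": "network_connect", "host": "license[.]claude-pro[.]com",
     "dst_ip": "8.217.190.58", "proto": "tcp", "port": 443},
    {"id": 7, "type": "network_connect", "host": "update.example.com",
     "dst_ip": "203.0.113.10", "proto": "tcp", "port": 443},
    # No hostname resolved; IP and UDP/8080 alone are enough to match.
    {"id": 8, "type": "network_connect", "host": "",
     "dst_ip": "8.217.190.58", "proto": "udp", "port": 8080},
]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.rule}] event {f.event_id}: {f.detail}")
```

Event 2 is the important negative case: the same signed binary loading the same DLL name is benign when both sit in the vendor's install directory, so the rule keys on where avk.dll is loaded from rather than on the file names alone. Feeding real telemetry means mapping your source's field names (Sysmon event IDs 7, 11 and 3, or the EDR equivalents) onto the small dictionaries used here.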