Fake Claude AI Installer Targets Windows Users with PlugX Malware
Fake Claude AI installer spreads PlugX malware via DLL sideloading on Windows.
Summary
Cybersecurity researchers from Malwarebytes discovered a malicious campaign using a fake Anthropic Claude website to distribute PlugX malware to Windows users. The attack uses DLL sideloading with a legitimate G DATA signed binary (NOVUpdate.exe) to load malicious payloads, establishing persistent remote access and communicating with C2 infrastructure at 8.217.190.58. The campaign reaches users via phishing emails directing them to download Claude-Pro-windows-x64.zip, exploiting the popularity of AI tools to reach victims beyond the traditional software-piracy audience.
Full text
by Deeba Ahmed, April 15, 2026

Cybersecurity experts from Malwarebytes have found a malicious new campaign where scammers use the popularity of Anthropic’s AI tool Claude to spread malware. Reportedly, hackers made a fake website that looks just like the official one from Anthropic and offers a Pro version of the tool for Windows to lure people into downloading a malicious file.

The scam kicks in after the user is led to the site via phishing emails and downloads an archive named Claude-Pro-windows-x64.zip. Inside it is an MSI installer that places a shortcut called Claude AI.lnk on the desktop, which runs a VBScript when clicked. This script first launches the genuine Claude app to keep the user distracted and at the same time installs the PlugX malware, which allows the attackers to remotely control the compromised device.

How the attack works in secret

The hackers use a method called DLL sideloading. They abuse a real, legitimately signed file named NOVUpdate.exe from the security company G DATA. Because the file is signed and official, the computer treats it as safe. However, the attackers have placed a malicious library named avk.dll and a data file called NOVUpdate.exe.dat next to it. When the signed executable runs, it loads the malicious files placed alongside it as well.

(Image source: Malwarebytes)

According to Malwarebytes’ investigation, PlugX also adds itself to the Windows Startup folder to gain persistence. This lets it start every time the computer boots, and within 22 seconds of being installed it begins communicating with the attackers by connecting to a server at the IP address 8.217.190.58 on port 443. This server is part of Alibaba Cloud, which threat actors frequently use to hide their tracks. It even modifies the TCP/IP registry key to help it communicate.

“PlugX has historically been associated with espionage operators linked to Chinese state interests. However, researchers have noted that PlugX source code has circulated in underground forums, broadening the pool of potential operators. Attribution based on tooling alone is not definitive,” Malwarebytes researchers noted in the blog post.

Signs to check for

You can easily detect that this software is fake because of a simple spelling mistake. The hackers created a folder named “Cluade” instead of Claude at C:\Program Files (x86)\Anthropic\Claude\Cluade. To stay hidden, the installer uses a script called del.vbs.bat that deletes itself after installation, and it also silences errors so that no warning messages pop up if the installation fails.

The hackers are also staying active. Researchers observed them using Kingmailer on 28 March 2026 and switching to CampaignLark on 5 April 2026 to distribute phishing emails.

This is why security experts always recommend downloading AI tools only from official sites, in this case claude.com. If you see files like NOVUpdate.exe or avk.dll in your Startup folder, disconnect from the internet and change your passwords immediately.

Expert’s insights

Yagub Rahimov, CEO of Polygraf AI, shared his views on this campaign exclusively with Hackread.com. He noted that while the lure is new, the strategy is a familiar one.

“We’ve seen this exact playbook before. The bait changes – early 2025, it was DeepSeek, with fake installer sites with DLL sideloading to load backdoors and infostealers, but the method underneath hasn’t changed in years. Signed binary, malicious DLL, encrypted payload. TA416 has been running this exact structure to deploy PlugX since 2022, and has been updating the infection chain while keeping the same approach. Why do they keep using it? Because it works. A legit signed executable doesn’t get flagged. The malicious DLL it loads gets that trust, and when the dropper has deleted itself, there is nothing obvious to be found.”

Rahimov further explained that the rise of AI tools has changed the types of people being targeted by hackers.

“What has changed is who is getting targeted. AI tools expanded the pool way too much – it’s not people downloading pirated software anymore. These AI tools no longer target just graphic designers; anyone can be lured in by a seemingly harmless ad. The attackers figured that out before the defenders did.”
Indicators of Compromise
- ip — 8.217.190.58
- malware — PlugX
- malware — avk.dll
- malware — del.vbs.bat
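As an added example (not from the Hackread article, Malwarebytes or Anthropic), the following Python triage script checks a constructed file-system snapshot and constructed firewall-style log lines against the indicators the article gives: the file names NOVUpdate.exe, avk.dll, NOVUpdate.exe.dat and del.vbs.bat, the misspelled “Cluade” install directory, and the C2 address 8.217.190.58. It also generalises the sideloading layout beyond the specific NOVUpdate.exe case: any executable in a Startup folder that sits beside a same-named .dat file and a DLL is reported. The sample paths, the benign control entries, the log format and that heuristic are assumptions.

```python
"""Added triage helper (not from the Hackread article or Malwarebytes).

Checks a constructed file-system snapshot and constructed firewall-style
log lines against the indicators the article reports. Sample data, the
log format and the Startup-folder layout heuristic are assumptions.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators quoted from the article.
IOC_FILENAMES = {"novupdate.exe", "avk.dll", "novupdate.exe.dat", "del.vbs.bat"}
IOC_C2_IP = "8.217.190.58"
MISSPELLED_DIR = r"c:\program files (x86)\anthropic\claude\cluade"
# Per-user Startup folder path fragment (compared lower-cased).
STARTUP_FRAGMENT = r"\start menu\programs\startup"

# Constructed snapshot of file paths; a real run would walk the disk instead.
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_PATHS = [
    STARTUP + r"\NOVUpdate.exe",
    STARTUP + r"\avk.dll",
    STARTUP + r"\NOVUpdate.exe.dat",
    r"C:\Program Files (x86)\Anthropic\Claude\Cluade\del.vbs.bat",
    r"C:\Users\alice\Desktop\Claude AI.lnk",      # shortcut name alone is too generic to flag
    r"C:\Program Files\Notepad++\notepad++.exe",  # benign control entry
]

# Constructed log lines in a hypothetical "key=value" firewall format.
# 203.0.113.10 is a documentation address standing in for normal traffic.
SAMPLE_NET_LOG = """\
2026-04-15T10:02:09Z conn src=10.0.0.5 dst=203.0.113.10 dport=443 proto=tcp
2026-04-15T10:02:31Z conn src=10.0.0.5 dst=8.217.190.58 dport=443 proto=tcp
2026-04-15T10:03:00Z conn src=10.0.0.5 dst=8.217.190.58 dport=80 proto=tcp
"""
NET_RE = re.compile(r"dst=(?P<ip>[\d.]+) dport=(?P<port>\d+)")


def find_file_indicators(paths):
    """Return (path, reason) pairs for paths matching the article's file IoCs."""
    hits = []
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() in IOC_FILENAMES:
            hits.append((raw, f"known file name {p.name}"))
        if raw.lower().startswith(MISSPELLED_DIR):
            hits.append((raw, "misspelled 'Cluade' install directory"))
    return hits


def find_sideload_layouts(paths):
    """Heuristic generalised from the NOVUpdate.exe case (an assumption, not
    from the article): an .exe in a Startup folder that sits next to a
    same-named .dat file and at least one DLL has the on-disk layout that
    DLL sideloading with a separate payload blob needs.
    Returns (directory, exe_name, [dll names]) tuples."""
    by_dir = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)
        by_dir[str(p.parent).lower()].add(p.name.lower())
    layouts = []
    for directory, names in by_dir.items():
        if STARTUP_FRAGMENT not in directory:
            continue
        dlls = sorted(n for n in names if n.endswith(".dll"))
        for n in sorted(names):
            if n.endswith(".exe") and n + ".dat" in names and dlls:
                layouts.append((directory, n, dlls))
    return layouts


def find_c2_connections(log_text):
    """Return (line, port) for every connection to the reported C2 address.
    Any contact with the address is flagged, not only port 443, because the
    port is the less stable half of the indicator."""
    found = []
    for line in log_text.splitlines():
        m = NET_RE.search(line)
        if m and m.group("ip") == IOC_C2_IP:
            found.append((line, int(m.group("port"))))
    return found


def triage(paths=SAMPLE_PATHS, log_text=SAMPLE_NET_LOG):
    """Combine the three checks into one report dictionary."""
    return {
        "file_indicators": find_file_indicators(paths),
        "sideload_layouts": find_sideload_layouts(paths),
        "c2_connections": find_c2_connections(log_text),
    }


if __name__ == "__main__":
    for section, items in triage().items():
        print(f"== {section} ({len(items)}) ==")
        for item in items:
            print("  ", item)
```

The file-name check is the cheapest signal but the easiest for an operator to change; the layout heuristic survives a rename of the signed executable and its companions, at the cost of needing a review of whatever it flags, since a legitimate program that keeps a .dat file next to its .exe in a Startup folder would also match.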