Dangerous clone: fake Claude AI site infects Windows with new Beagle backdoor

Cybersecurity researchers from Sophos X-Ops and Malwarebytes have warned about a dangerous malicious site at the domain claude-pro[.]com. The fraudulent site completely imitates the official interface of the Claude chatbot, but instead of useful features it distributes a new Windows backdoor codenamed Beagle. The main channel for attracting victims is paid advertising in Google search results, which often places the fake site above the official portal.

What is it

The attackers set up the claude-pro[.]com site, which is visually indistinguishable from the real Anthropic website (claude.com). The main targets of the attack are developers, who are offered a tool presented as the high-performance Claude-Pro Relay, intended for the Claude Code service.

The site offers only one button, which downloads the 505 MB archive Claude-Pro-windows-x64.zip. Once the archive is downloaded and opened, the MSI installer inside is launched and begins a multi-stage infection of the operating system.

Beagle Specifications and Features

Despite the name, experts say this malware is unrelated to the well-known Beagle worm of 2004. It is an entirely new backdoor with extended functionality. Once a system is infected, the backdoor communicates with its control server over TCP port 443 or UDP port 8080. All traffic is encrypted with a custom AES key, making it difficult to distinguish from a standard secure HTTPS connection.

Basic Beagle backdoor commands:

  • uninstall: complete removal of the agent from the system
  • cmd: execution of arbitrary console commands
  • upload: transfer files from the victim’s PC to the attackers’ server
  • download: download new malicious components to the computer
  • mkdir: create new directories
  • rename: file renaming
  • ls: get list of files in directories
  • rm: remove folders and data

This set of commands is enough for criminals to gain complete remote access and control over a user’s confidential data.

Particulars of the installation process

The infection chain is built cunningly: the installer copies three key components into the Windows startup. These are a legitimate, signed G Data antivirus executable renamed to NOVupdate.exe, an encrypted data file, and a malicious avk.dll library. The program is installed under the path C:\Program Files (x86)\Anthropic\Claude\Cluade. Notably, the folder name contains a typographical error (“Cluade” instead of “Claude”).

The avk.dll library uses an inverted XOR key to decrypt the main body of the malware, then hands control to the DonutLoader loader, which deploys Beagle in the computer’s memory.

Network infrastructure and activity

According to Malwarebytes, the infrastructure is updated constantly. The backdoor’s hosting server was deployed in March 2026, and the active phase of email and advertising campaigns began approximately 6 weeks before detection. In April 2026 the attackers switched their mail provider from Kingmailer to CampaignLark to improve stealth.

Methods of protection

The main danger is that users are accustomed to trusting the top positions in Google search results. To protect yourself, keep a few rules in mind:

  • The only official address of Claude AI is claude.com. Any other domain carrying “-pro”, “relay” or “desktop” in its name is fake.
  • Anthropic has never released a tool called Claude-Pro Relay.
  • Check the spelling of installation folders when installing software. Misspellings such as “Cluade” are a clear sign of fraud.

If NOVupdate.exe or avk.dll is found in your Windows startup, Sophos experts recommend immediately running a deep antivirus scan and isolating the system from the network.
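A defender-side triage check for the artefacts named above, written here as an added example (not code from the article, Sophos or Malwarebytes). It assumes the default Program Files (x86) location and that the startup persistence lives in the startup folders or the Run registry keys; it changes nothing on the system.

```powershell
# Added defender-side triage script (example code, not from the article or the researchers).
# Looks for the artefacts the report names: the mistyped install folder, NOVupdate.exe
# and avk.dll in startup locations, and the Authenticode signer of NOVupdate.exe.
# Read-only; run in an elevated PowerShell session.

$Findings = New-Object System.Collections.Generic.List[string]

# 1. The mistyped folder quoted in the report ("Cluade" instead of "Claude").
$SuspectDir = Join-Path ${env:ProgramFiles(x86)} 'Anthropic\Claude\Cluade'
if (Test-Path -LiteralPath $SuspectDir) {
    $Findings.Add("Mistyped install folder present: $SuspectDir")
}

# 2. Startup folders and Run keys, scanned for the two component names.
$Indicators = @('NOVupdate.exe', 'avk.dll')
$StartupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $StartupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $Indicators -contains $_.Name } |
        ForEach-Object { $Findings.Add("Indicator in startup folder: $($_.FullName)") }
}
$RunKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        foreach ($ind in $Indicators) {
            if ("$($p.Value)" -like "*$ind*") {
                $Findings.Add("Run entry '$($p.Name)' in $key references $ind")
            }
        }
    }
}

# 3. Signed-but-renamed check. The report says NOVupdate.exe is a legitimately signed
#    G Data file, so a valid signature is not reassurance: a signer other than the
#    vendor the install path claims (Anthropic) is itself the red flag.
$Exe = Join-Path $SuspectDir 'NOVupdate.exe'
if (Test-Path -LiteralPath $Exe) {
    $sig = Get-AuthenticodeSignature -FilePath $Exe
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $Findings.Add("NOVupdate.exe signature: $($sig.Status); signer: $signer")
}

if ($Findings.Count -eq 0) { 'No Beagle installation artefacts found.' }
else { $Findings | ForEach-Object { "[!] $_" } }
```

Any finding warrants the response the article describes: a full scan and isolating the machine from the network before the backdoor can receive further commands.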
