Fake Claude site installs Beagle backdoor via DLL sideloading

A spoof Anthropic Claude site delivers a trojanized ‘Claude-Pro’ Windows installer that drops a PlugX-like Beagle backdoor via DLL sideloading using a signed G DATA updater.

Malwarebytes researchers found a fake Anthropic Claude website offering a ZIP file that installs a trojanized “Claude-Pro” Windows client. The package appears to install and launch a working Claude app while secretly delivering a backdoor the researchers named Beagle.

The ZIP contains an MSI installer that places files into a folder structured to mimic a legitimate Anthropic installation and includes references to Squirrel, the update framework used by many Electron apps. The package contains a misspelling, “Cluade,” but the visible application runs normally. A hidden VBScript copies three payload files from the SquirrelTemp directory into the Windows Startup folder while the apparent client runs in the foreground.

The attack relies on DLL sideloading. The MSI drops a signed G DATA updater named NOVUpdate.exe, which expects to load avk.dll from its own directory. The attacker replaced that library with a malicious DLL of the same name. When NOVUpdate.exe runs, it loads the forged avk.dll and the Beagle backdoor activates. Malwarebytes describes Beagle as a PlugX-like remote access tool that can provide persistent remote access.

After deploying the payloads, the dropper attempts to erase its traces. The VBScript writes a batch file named ~del.vbs.bat that waits two seconds and then deletes both the original VBScript and the batch file itself. The script also wraps the deployment steps in an On Error Resume Next statement so failures do not produce visible error dialogs. The remaining artifacts are likely the files placed in the Startup folder and a running NOVUpdate.exe process.
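The two observable behaviours above (a signed host loading a same-directory DLL from a user-writable location, and a self-deleting .vbs.bat helper landing in Startup) can be expressed as simple detection logic. This is an added example, not Malwarebytes' tooling; the event lines are constructed, tab-separated approximations of Sysmon Event ID 7 (image loaded) and Event ID 11 (file created), and the user-writable path markers are assumptions.

```python
"""Flag the Beagle sideloading and cleanup pattern in Sysmon-style events."""
import ntpath
from typing import List, Optional

# Assumed markers for directories a standard user can write to.
USER_WRITABLE = ("\\startup\\", "\\appdata\\", "\\temp\\", "\\squirreltemp\\")

# Constructed sample events: <event_id>\t<process image>\t<dll or file>\t<signed>
SAMPLE_EVENTS = [
    "7\tC:\\Program Files\\G DATA\\NOVUpdate.exe\tC:\\Program Files\\G DATA\\avk.dll\ttrue",
    "7\tC:\\Users\\a\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NOVUpdate.exe"
    "\tC:\\Users\\a\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\avk.dll\tfalse",
    "7\tC:\\Windows\\System32\\notepad.exe\tC:\\Windows\\System32\\kernel32.dll\ttrue",
    "11\tC:\\Windows\\System32\\wscript.exe\tC:\\Users\\a\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\~del.vbs.bat\t-",
    "11\tC:\\Windows\\explorer.exe\tC:\\Users\\a\\Documents\\notes.txt\t-",
]

def in_user_writable(path: str) -> bool:
    """True if the path sits under a directory a standard user can write to."""
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)

def classify(line: str) -> Optional[str]:
    """Return an alert string for a suspicious event, or None for benign ones."""
    event_id, image, target, signed = line.split("\t")
    image_dir, image_name = ntpath.split(image)
    target_dir, target_name = ntpath.split(target)
    if event_id == "7":
        # Sideloading: the known host/DLL pair, DLL beside the host, and either
        # unsigned or loaded from a location the user could have planted it in.
        known_pair = image_name.lower() == "novupdate.exe" and target_name.lower() == "avk.dll"
        same_dir = image_dir.lower() == target_dir.lower()
        if known_pair and same_dir and (signed != "true" or in_user_writable(target)):
            return f"sideload: {image_name} loaded {target} (signed={signed})"
    elif event_id == "11":
        # Self-deleting helper written into a user-writable startup location.
        if in_user_writable(target) and target_name.lower().endswith(".vbs.bat"):
            return f"cleanup-helper: {image_name} wrote {target}"
    return None

def scan(lines: List[str]) -> List[str]:
    """Run classify over every event and keep only the alerts."""
    return [alert for alert in map(classify, lines) if alert]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The legitimate load from Program Files with a valid signature produces no alert, so the rule keys on location and signature rather than on the file name alone.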

Researchers note that DLL sideloading has been used for years by backdoors such as PlugX and ShadowPad. Using a legitimately signed updater as a sideloading host can complicate detection because the parent executable appears signed and may be trusted by endpoint defenses.

Max Gannon, cyber intelligence team manager at Cofense, noted: “Most of the techniques described here are relatively well known and have been seen before. What is unusual is that it also installs a working copy of Claude, which is rather large. Installation and use of a resource-intensive program can help disguise other background activity.”
