
Malicious Site Exploits AI Interest to Deploy Beagle Backdoor


Approximately 505 MB — the size of the ZIP archive being offered on a counterfeit site that mimics Anthropic's Claude interface, and the starting point for a Windows-targeting infection chain that delivers a previously undocumented backdoor Sophos X-Ops is calling Beagle.

claude-pro[.]com and the fake "Claude‑Pro Relay"

Sophos X-Ops found a fraudulent domain, claude-pro[.]com, presenting a stripped-down imitation of the legitimate Claude interface and advertising a fictitious tool labeled "Claude‑Pro Relay." The tool was served as an approximately 505 MB ZIP archive. Researchers assessed the site as part of an active malvertising campaign and traced the hosting infrastructure to a server set up in March 2026.

Signed G DATA updater used in DLL sideloading chain

The archive delivers an MSI installer that drops three items into the user's startup folder: a signed G DATA antivirus updater renamed NOVupdate.exe, an encrypted data file, and a malicious DLL named avk.dll. When the legitimate updater runs, it sideloads avk.dll in place of the expected library. That DLL decrypts the data file using a reversed XOR key and executes resulting shellcode, which loads DonutLoader — an open-source, in-memory loader that then deploys the final payload, the Beagle backdoor.

Sophos initially flagged the combination of a G DATA-signed binary, an avk.dll sideload, and an encrypted data file as reminiscent of PlugX activity; a February 2026 Lab52 report had linked those elements to PlugX. Because the chain here launches a different payload, researchers say the actor may have retooled an established infection chain or imitated one used by another group.

Beagle backdoor: functionality and communications

Beagle is, by Sophos's analysis, a relatively simple backdoor supporting eight commands that include shell execution, file transfer, directory listing and self-removal. It connects to its command-and-control server at license[.]claude-pro[.]com and communicates over TCP port 443 or UDP port 8080. Network traffic is encrypted using a hardcoded AES key embedded in the malware.

Related samples, variants, and infrastructure choices

Sophos identified additional samples on VirusTotal that share the same XOR key, with timestamps going back to February 2026. A March 2026 variant substituted the final payload with shellcode tied to AdaptixC2, an open-source red‑teaming framework the researchers have previously observed in ransomware attacks. Other related samples used domains masquerading as updates for Trellix, CrowdStrike and SentinelOne.

The campaign’s distribution layer ran through Cloudflare while the C2 infrastructure was hosted on Alibaba Cloud. Sophos notes that this separation — Cloudflare for delivery and Alibaba Cloud for C2 — could complicate takedown efforts and may signal a degree of operational continuity rather than a short-lived disposable campaign.

What this means for end users, security teams, and incident responders

  • End users: the immediate point of exposure in these infections is a download presented as a legitimate tool (the "Claude‑Pro Relay") from the claude-pro[.]com domain and an MSI that drops a signed updater renamed NOVupdate.exe. Unusually large ZIP downloads presented as AI utilities or software updates are the specific risk vector identified in this campaign.
  • Security teams: the indicators Sophos highlights are concrete — a signed G DATA updater running as NOVupdate.exe, the presence of avk.dll in a startup folder, an encrypted data file decryptable with a specific XOR routine, and connections to license[.]claude-pro[.]com on TCP 443 or UDP 8080. Detection and forensics can focus on those artifacts and on the use of DonutLoader as the in‑memory step that stages the Beagle payload.
  • Incident responders: related samples on VirusTotal date to February and March 2026 and include variants that swap final payloads for AdaptixC2-linked shellcode. The reuse of elements across months and the split hosting strategy (Cloudflare distribution, Alibaba Cloud C2) are concrete signals responders should map when triaging or seeking takedown options.
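As an added illustration (not code from Sophos X-Ops or the original article), the following Python hunt correlates the artifacts listed above over constructed Sysmon-style events: the renamed updater launched from a Startup folder, the unsigned avk.dll it sideloads from the same directory, and the C2 endpoint on TCP 443 or UDP 8080. The event layout, the sample paths and the pids are assumptions made for the example.

```python
import json
from collections import Counter
from pathlib import PureWindowsPath

# Artifacts reported by Sophos X-Ops for this chain (lower-cased for matching).
SIDELOAD_HOST = "novupdate.exe"      # signed G DATA updater, renamed
SIDELOAD_DLL = "avk.dll"             # malicious DLL sideloaded by the updater
C2_HOST = "license.claude-pro.com"
C2_ENDPOINTS = {("tcp", 443), ("udp", 8080)}
STARTUP_MARKER = "\\start menu\\programs\\startup\\"

# Constructed Sysmon-style telemetry, one JSON object per line: pid 4120 models the
# Beagle chain, pid 5000 the same updater running from a normal install path.
SAMPLE_EVENTS = r"""
{"id": 1, "pid": 4120, "image": "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NOVupdate.exe", "signed": true}
{"id": 7, "pid": 4120, "image_loaded": "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\avk.dll", "signed": false}
{"id": 3, "pid": 4120, "protocol": "tcp", "dest_host": "license.claude-pro.com", "dest_port": 443}
{"id": 1, "pid": 5000, "image": "C:\\Program Files\\G DATA\\AVK\\AVKUpdate.exe", "signed": true}
{"id": 7, "pid": 5000, "image_loaded": "C:\\Program Files\\G DATA\\AVK\\avk.dll", "signed": true}
"""

def _norm(path: str) -> PureWindowsPath:
    return PureWindowsPath(path.replace("/", "\\").lower())

def hunt(events_text: str) -> list:
    """Return (pid, reason) findings; one pid hitting several stages is the full chain."""
    procs, findings = {}, []
    for line in filter(str.strip, events_text.splitlines()):
        ev = json.loads(line)
        pid = ev["pid"]
        if ev["id"] == 1:  # process create
            img = _norm(ev["image"])
            procs[pid] = img
            if img.name == SIDELOAD_HOST and STARTUP_MARKER in str(img):
                findings.append((pid, "renamed G DATA updater started from Startup folder"))
        elif ev["id"] == 7:  # image load: only the unsigned avk.dll beside the host in Startup
            dll, host = _norm(ev["image_loaded"]), procs.get(pid)
            if (host is not None and dll.name == SIDELOAD_DLL and not ev.get("signed")
                    and dll.parent == host.parent and STARTUP_MARKER in str(dll)):
                findings.append((pid, "unsigned avk.dll sideloaded from Startup folder"))
        elif ev["id"] == 3:  # network connection
            ep = (ev["protocol"].lower(), ev["dest_port"])
            if ev["dest_host"].lower() == C2_HOST and ep in C2_ENDPOINTS:
                findings.append((pid, f"Beagle C2 contact {C2_HOST} over {ep[0]}/{ep[1]}"))
    return findings

def chain_pids(findings, min_stages: int = 2) -> set:
    """Pids showing at least min_stages of the chain, for triage prioritisation."""
    return {pid for pid, n in Counter(pid for pid, _ in findings).items() if n >= min_stages}
```

The legitimate updater loading its own signed avk.dll from the G DATA install directory produces no finding, so the hunt keys on the Startup-folder placement and the unsigned DLL rather than on the file names alone.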

Sophos X-Ops’s findings describe a campaign that borrows trusted binaries and an established sideloading technique to place a lightweight backdoor on Windows systems, while alternating or reusing payloads across samples. The observed split between distribution and command infrastructure, and the appearance of related samples from February and March 2026, are the specific factors researchers point to when they say this may be more than a short, disposable operation. The practical question the record leaves is whether actors deploying this chain will continue to retool payloads and domains — a pattern Sophos’s telemetry suggests is already underway.

Original reporting: https://www.infosecurity-magazine.com/news/fake-claude-site-beagle-backdoor/