A fake site that mimics Claude AI's website has been used to distribute a malicious installer that supposedly offers a "Claude-Pro Relay" but actually installs a Windows backdoor that researchers have named Beagle. The lure combines basic social engineering, a page with colors and typography similar to the original, with a large download containing an MSI installer padded with junk data so that the application looks legitimate while malicious code runs in the background.
What stands out technically is the infection chain: the installer acts as a decoy while dropping several components, including a signed executable and a DLL loaded via sideloading, using DonutLoader as an in-memory injector, and finally deploying the backdoor in memory. The combination pursues two goals: the user perceives that the application works, and traditional disk- and signature-based detection is made harder.

Beyond the mechanics of the attack, there are clear signs of reuse of historical tactics and of an operation with a degree of sophistication: using the signed executable of a security product to load a malicious DLL is a known technique that has in the past been linked to families such as PlugX, and communication with the command-and-control server takes place over encrypted channels to a subdomain that imitates the brand of the fake service. Public analyses also point to an IP address associated with cloud services as possible command-and-control infrastructure.
This case is not isolated: the operators behind these campaigns try different vectors, from decoy PDFs and spoofed binaries of legitimate products to fake update pages impersonating security vendors. The pattern shows that the attack surface is not only the direct download of software but also sponsored search results, suspicious mirrors and impostor updates of well-known software.
For users and administrators the lesson is twofold. On the one hand, always verifying the origin of an installer and downloading it only from the official vendor's portal (e.g. Anthropic for Claude) or from confirmed repositories drastically reduces the risk. On the other hand, there are technical indicators that should raise alarms: files named NOVupdate.exe and its companion (.dat/.dll) in startup folders, processes that inject code into memory, and outbound connections to unrecognized domains or IPs are all signs worth investigating.
At the operational level, digital hygiene should be complemented with technical controls: apply application allow-listing, keep EDR and signatures up to date, monitor DNS and egress traffic for unusual connections, and block the domains or IP addresses associated with the campaign where possible. For response teams, capturing the memory of the suspicious process and reviewing in-memory injection techniques will ease the detection of payloads such as Donut and the extraction of indicators.

Users should also be wary of sponsored results and avoid running installers from unverified sources, and organizations should build specific detections into their rules: scanning startup locations for names such as NOVupdate.exe, auditing MSI installations outside controlled channels, and reviewing signed update mechanisms that may be abused for sideloading.
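As an added illustration (not code from the article or from the researchers it cites), the following Python triage helper applies the indicators described above to constructed Sysmon-style event records; the field names, the controlled MSI deployment directories and the sample paths are assumptions made for the example.

```python
import ntpath
import re

SUSPECT_STEM = "novupdate"                 # indicator named in the article
COMPANION_EXTS = {".exe", ".dat", ".dll"}  # the executable and its described partners
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Hypothetical allow-list of directories this organisation deploys MSI packages from.
CONTROLLED_MSI_DIRS = {r"c:\programdata\deploy", r"\\fileserver\packages"}


def flag_event(ev):
    """Return the reasons an event deserves investigation (empty list if none)."""
    reasons = []
    image = ev.get("image", "")
    name = ntpath.basename(image).lower()
    stem, ext = ntpath.splitext(name)
    if ev["type"] == "file_create" and STARTUP_RE.search(image):
        # NOVupdate.exe or its .dat/.dll partner dropped into a Startup folder.
        if stem == SUSPECT_STEM and ext in COMPANION_EXTS:
            reasons.append(f"suspect file {name} written to Startup folder")
    elif ev["type"] == "process_create" and name == "msiexec.exe":
        # MSI installation launched from outside the controlled deployment paths.
        m = re.search(r'/i\s+"?([^"]+?\.msi)', ev.get("command_line", ""), re.I)
        pkg = m.group(1) if m else ""
        if ntpath.dirname(pkg).lower() not in CONTROLLED_MSI_DIRS:
            reasons.append(f"MSI install outside controlled channel: {pkg or '?'}")
    elif ev["type"] == "image_load":
        # Sideloading heuristic: a signed host process loads an unsigned DLL from its own directory.
        loaded = ev.get("loaded", "")
        same_dir = ntpath.dirname(loaded).lower() == ntpath.dirname(image).lower()
        if ev.get("image_signed") and not ev.get("loaded_signed") and same_dir:
            reasons.append(f"signed {name} loaded unsigned sibling {ntpath.basename(loaded)}")
    return reasons


def triage(events):
    """Map event index -> reasons, for every event that raised at least one flag."""
    return {i: r for i, ev in enumerate(events) if (r := flag_event(ev))}


STARTUP = r"C:\Users\ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [  # constructed telemetry, not real campaign data
    {"type": "file_create", "image": STARTUP + r"\NOVupdate.exe"},
    {"type": "file_create", "image": STARTUP + r"\NOVupdate.dat"},
    {"type": "process_create", "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r'msiexec.exe /i "C:\Users\ana\Downloads\Claude-Pro-Relay.msi" /qn'},
    {"type": "process_create", "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r'msiexec.exe /i "C:\ProgramData\Deploy\agent.msi" /qn'},
    {"type": "image_load", "image": r"C:\ProgramData\NOV\NOVupdate.exe", "image_signed": True,
     "loaded": r"C:\ProgramData\NOV\helper.dll", "loaded_signed": False},
]
```

Running `triage(SAMPLE_EVENTS)` flags the two Startup drops, the MSI launched from Downloads and the unsigned sibling DLL load, while the package installed from the controlled directory passes.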
For those who want to dig deeper into the technical findings and campaign tracking, public detection reports offer context and samples analyzed by independent researchers: see the initial analysis published by Malwarebytes documenting the impersonation and remote-access campaign, as well as the work by Sophos breaking down the Donut → Beagle chain and the sideloading mechanisms used by the attackers. See the analysis at Malwarebytes and Sophos's blog post on related tactics and tools in this report.
The conclusion is that the popularity of AI tools has become an attractive hook for social engineering and lightweight supply-chain attacks; protection requires both user common sense and coordinated technical controls on the network and endpoints to keep a fake service from becoming a back door into their systems.