Fake Claude AI Site Delivers PlugX Malware in Trojanized Installer

Executive Summary

A convincing fake website impersonating the legitimate Claude AI service is being used to distribute malware. The site hosts a trojanized version of the Claude desktop application that, when installed, silently deploys the PlugX remote access trojan (RAT), granting attackers persistent backdoor access to compromised systems. This campaign represents a significant escalation in social engineering tactics targeting the rapidly growing user base of generative AI tools.

Technical Analysis

According to analysis by Malwarebytes, the threat actors have registered a domain name visually similar to the legitimate Anthropic service. The site mimics the official Claude.ai interface with high fidelity, tricking users into downloading a malicious installer. The downloaded file, named Claude_Setup.exe, presents a legitimate-looking installation wizard, creating a functional copy of the genuine Claude application in %LocalAppData%\Programs\Claude. This serves as a decoy to avoid user suspicion.

Concurrently, the installer executes a malicious DLL, identified as a variant of the PlugX RAT, in the background. PlugX is a modular backdoor with a long history of use by various threat actors, particularly in Asia-Pacific cyber-espionage campaigns. Once installed, the malware establishes command-and-control (C2) communication, allowing operators to execute arbitrary commands, exfiltrate data, and deploy additional payloads onto the victim's machine. The malware achieves persistence through mechanisms not detailed in the public report, but PlugX is known for using registry run keys or scheduled tasks.

Tactics, Techniques & Procedures

The campaign employs a multi-stage infection chain blending sophisticated social engineering with established malware deployment techniques.

• Initial Access (TA0001): The primary vector is Drive-by Compromise (T1189) via a fraudulent website. Attackers leverage Domain Squatting (using a domain name similar to the legitimate service) as part of Phishing (T1566).
• Execution (TA0002): The user is tricked into executing the trojanized Claude_Setup.exe, which uses a Signed Binary Proxy Execution (T1218) pattern by bundling a legitimate, signed application with a malicious component.
• Defense Evasion (TA0005): The installer employs Masquerading (T1036) by mimicking the official Claude brand and installation process. The deployment of a functional decoy application is a form of Hide Artifacts (T1564) to reduce user alertness.
• Persistence (TA0003) & Command and Control (TA0011): The final payload is the PlugX RAT, which typically establishes persistence via Registry Run Keys / Startup Folder (T1547.001) and uses encrypted channels for Application Layer Protocol (T1071) communication with attacker-controlled infrastructure.

Threat Actor Context

The public report from Malwarebytes does not attribute this campaign to a specific threat actor or group. However, the use of PlugX provides some contextual clues. PlugX is a commodity RAT with origins in Chinese cyber-espionage operations but has since been adopted by a wide range of criminal and state-aligned groups. Its deployment in this campaign suggests actors with access to established malware kits, possibly focusing on broad intelligence gathering or initial access brokerage. The choice to target AI tool users may indicate an interest in compromising individuals or organizations in technology, research, or competitive business sectors.

Mitigations & Recommendations

• Source Verification: Always download software directly from the vendor's official website or verified app stores. Double-check URLs for subtle misspellings or incorrect top-level domains (e.g., .com vs .net).
• Endpoint Protection: Ensure endpoint detection and response (EDR) or antivirus solutions are deployed and updated. Configure policies to block execution from temporary download directories when possible.
• User Training: Educate employees and users on this specific threat. Highlight that AI tools are now high-value targets for phishing and that they must verify download sources meticulously.
• Network Monitoring: Implement egress filtering and monitor for unexpected connections from workstations, especially to unknown IP addresses or domains in geographic regions not relevant to business operations.
• Least Privilege: Enforce the principle of least privilege on user accounts to hinder malware persistence mechanisms and lateral movement.