'Threat actors are clearly adapting to the widespread interest in popular AI tools': AI fans beware, hackers create a fake Claude site to spread backdoor malware
Date:
Fri, 08 May 2026 16:10:00 +0000
Description:
Sophos found a fake Claude website deploying a simple but effective RAT.
FULL STORY ======================================================================

- A spoofed site (claude-pro[.]com) delivers poisoned installers that sideload DonutLoader and the Beagle backdoor
- The operation mimics legitimate Claude software, likely tied to PlugX operators using DLL sideloading
- Researchers warn of malicious ads and SEO poisoning, urging users to verify links before downloading

If you're looking to download the Claude client on Windows, be careful, because there are fake and malicious versions out there looking to exploit interest in new AI models.
Security researchers from Sophos have flagged how one such alleged Claude Pro offering led them to a website, claude-pro[.]com. The site itself was built to look identical to the legitimate claude.ai official website, but the researchers determined it was fake rather quickly, as none of the links or buttons on the site, aside from the download one, worked - all redirecting back to the homepage. Those who didn't spot the scam and clicked the download button would end up with a working version of Claude - however, one which had been poisoned to also deliver an updater and a DLL file. In classic DLL sideloading fashion, the updater runs the malicious DLL (the executable loads a library of the expected name from its own directory, so an attacker-supplied file of that name gets executed under the updater's identity), which, in turn, deploys a loader malware called DonutLoader.

Dropping Beagle

This tool, in turn, fetched a relatively simple backdoor called Beagle, capable of running commands, uploading and downloading files, creating directories, uninstalling agents, and more.
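The sideloading step described above leaves a recognisable trace on the endpoint: a DLL loaded from the application's own folder whose Authenticode signer is not the same as the signer of the executable that loaded it. The following PowerShell hunt is an added example written for this article; it is not code from Sophos, TechRadar or Anthropic, and the process name "claude" and the directory layout are assumptions you should adjust to the installer you actually ran. It walks the modules of a running process, ignores Windows-owned DLLs, and reports any remaining DLL that is unsigned or signed by a different publisher than the host EXE, with a SHA-256 hash so the file can be checked against vendor-published hashes or submitted for analysis.

```powershell
# Added example (not the article's or any vendor's code): hunt for DLL sideloading
# in a freshly installed application. A DLL that is loaded from the app folder
# (not from System32/SysWOW64/WinSxS) and is unsigned, or signed by someone other
# than the host executable's publisher, is a sideloading lead worth examining.
# "claude" is an assumed process name; change it to the process you installed.
param(
    [string]$ProcessName = "claude"
)

$systemDirs = @(
    (Join-Path $env:WINDIR "System32"),
    (Join-Path $env:WINDIR "SysWOW64"),
    (Join-Path $env:WINDIR "WinSxS")
)

# Returns the signer subject for a validly signed file, or $null when the file is
# unsigned or its signature does not verify.
function Get-SignerName {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid' -or -not $sig.SignerCertificate) { return $null }
    return $sig.SignerCertificate.Subject
}

foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
    $exePath = $proc.Path
    if (-not $exePath) { continue }          # no path means we cannot inspect it
    $exeSigner = Get-SignerName $exePath
    $exeLabel = if ($exeSigner) { $exeSigner } else { 'UNSIGNED' }
    Write-Host "== $exePath (signer: $exeLabel)"

    foreach ($mod in $proc.Modules) {
        $dll = $mod.FileName
        if ($dll -notlike '*.dll') { continue }

        # Windows-owned directories are out of scope for this particular check.
        $inSystem = $false
        foreach ($d in $systemDirs) {
            if ($dll.StartsWith($d, [System.StringComparison]::OrdinalIgnoreCase)) { $inSystem = $true }
        }
        if ($inSystem) { continue }

        $dllSigner = Get-SignerName $dll
        $verdict = if (-not $dllSigner) { 'UNSIGNED' }
                   elseif ($dllSigner -ne $exeSigner) { 'SIGNER MISMATCH' }
                   else { 'ok' }

        if ($verdict -ne 'ok') {
            [pscustomobject]@{
                Process = $proc.ProcessName
                Dll     = $dll
                Verdict = $verdict
                Signer  = $dllSigner
                Sha256  = (Get-FileHash -Algorithm SHA256 -Path $dll).Hash
            }
        }
    }
}
```

Run it from an elevated prompt with the same bitness as the target process, otherwise `$proc.Modules` may be empty or incomplete. Treat a hit as a lead rather than a verdict: legitimate installers routinely bundle third-party libraries (runtime redistributables, crash reporters) signed by other publishers, so the useful signal is an unsigned DLL, or a DLL whose name matches one the host EXE imports but which ships with a different or missing signature, sitting next to a signed updater.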
Sophos could not attribute this campaign to any particular threat actor, but they did say that it was most likely operated by the same people who are running PlugX.
PlugX is a remote access trojan (RAT) usually used by Chinese state-linked threat groups to spy on victims, steal data, and maintain persistent access to compromised systems. The malware is described as being highly adaptable and modular, allowing attackers to execute commands, capture screenshots, log keystrokes, and move laterally across networks. It has been active for more than a decade and is one of the longer-running RATs out there.
The attackers most likely planned to run malicious ads and SEO poisoning to reach their targets, so check the domain behind a search result or sponsored ad before visiting it, and download the client only from the vendor's official domain (claude.ai) rather than a lookalike such as claude-pro[.]com.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/threat-actors-are-clearly-adapting-to-the-widespread-interest-in-popular-ai-tools-ai-fans-beware-hackers-create-a-fake-claude-site-to-spread-backdoor-malware
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)