By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post
If you have been using or thinking about using Claude, Anthropic’s AI assistant, this one is for you. Researchers at Sophos just published findings on a fake Claude website that has been quietly handing out malware to anyone who clicks “download.” Yikes!
The fake site, “claude-pro[.]com”, looks a little like the real thing. Same general color palette, similar fonts. But it is stripped down and mostly non-functional, which should be a red flag for users that something is fishy.
What it does offer is a download link for something called “Claude-Pro Relay.” What do you actually get? A tasty salmon? A tender trout? Nope, a 505-megabyte zip file containing an installer that drops three files into your startup folder and then gets to work compromising your system.
Scene from Wheel of Fish. Courtesy photo
Sadly, not as fun as Wheel of Fish from the classic 1989 Weird Al movie UHF. The attack uses a technique called DLL sideloading. What does that do? The installer drops a legitimate, digitally signed program from G DATA antivirus software alongside a malicious replacement for one of that program's own support libraries (a DLL). When Windows starts a program, it looks for the libraries that program needs in the program's own folder first, so the real, signed file loads the fake one without complaint. It is just doing what it was designed to do, and because the file that kicks everything off is genuinely signed by a security vendor, it draws far less suspicion than an unknown executable would. From there, a loader called Donut decrypts a hidden payload and drops a backdoor the Sophos team has named “Beagle.” Beagle is not fancy, but it doesn’t need to be. It can run commands, upload and download files, create and rename directories, and phone home to a command-and-control server. That is more than enough to ruin your day.

The researchers also found what may be a linked site presenting itself as a corporate investigations firm with a very dramatic “About” section involving black Moleskine notebooks and high-security German shredders. Nobody can find any evidence this company actually exists, which is no surprise.
How does the fake site reach people? Almost certainly through malvertising. Threat actors pay to have their malicious sites appear as sponsored results in search engines. You search for Claude, you click what looks like a reasonable result, and you’re on the hook, ready to be reeled in.
The fixes here are the same fixes that always apply. Use bookmarks for tools you rely on regularly. Be very cautious with sponsored search results, especially for software downloads. The real Claude lives at claude.ai, full stop. And if you work on a Windows machine and want to do a quick check, look for files called NOVupdate.exe, avk.dll, and NOVupdate.exe.dat in your Startup folder. Windows has two of them, one for your account and one shared by every account on the machine, so check both. Normally a Startup folder holds nothing but shortcuts, so a program or DLL sitting there is worth a second look even if the name is different. If those three files are there, you could have a problem. Be careful what you download, and where you download it from. If you land on a fake site for anything, not just Claude, you could compromise your entire system and open yourself up to attack.
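If you would rather let the computer do the looking, here is a short PowerShell script that checks both Startup folders. It is an added example written for this column, not a tool from Sophos or from the attackers' write-up. It does two things: it flags the three file names listed above, and, more generally, it flags the sideloading pattern described earlier, a validly signed program sitting next to a DLL that is not validly signed. The file names are the only indicators taken from the report; the signed-next-to-unsigned rule is a heuristic, and it will also flag harmless software that ships unsigned helper DLLs, so treat a hit as a reason to look closer, not as proof.

```powershell
# Added example for this column (not from Sophos or the malware authors).
# Looks in both Windows Startup folders for the three file names named
# in the report, then applies a general DLL-sideloading heuristic:
# a validly signed .exe beside a .dll that is not validly signed.
# Run in a normal PowerShell window. The all-users folder may need
# administrator rights to read on some systems.

$startupFolders = @(
    [Environment]::GetFolderPath('Startup')        # current user
    [Environment]::GetFolderPath('CommonStartup')  # all users
)

# The only indicators taken from the report; everything else is heuristic.
$knownBad = @('NOVupdate.exe', 'avk.dll', 'NOVupdate.exe.dat')

foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    Write-Host "Checking $folder"

    $files = Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue

    # 1. Exact file names from the report. Record a SHA256 so you have
    #    something concrete to hand to whoever helps you clean up.
    foreach ($f in $files) {
        if ($knownBad -contains $f.Name) {
            $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            Write-Warning "Known indicator: $($f.FullName) (SHA256 $hash)"
        }
    }

    # 2. Sideloading pattern: the .exe is real, signed software; the
    #    problem is the unsigned .dll sitting beside it that the .exe
    #    will load from its own folder before looking anywhere else.
    $exes = $files | Where-Object { $_.Extension -ieq '.exe' }
    $dlls = $files | Where-Object { $_.Extension -ieq '.dll' }
    foreach ($exe in $exes) {
        $exeSig = Get-AuthenticodeSignature -FilePath $exe.FullName
        if ($exeSig.Status -ne 'Valid') { continue }
        $signer = $exeSig.SignerCertificate.Subject
        foreach ($dll in $dlls) {
            $dllSig = Get-AuthenticodeSignature -FilePath $dll.FullName
            if ($dllSig.Status -ne 'Valid') {
                Write-Warning ("Possible sideload: signed {0} ({1}) next to unsigned {2}" -f `
                    $exe.Name, $signer, $dll.Name)
            }
        }
    }

    # 3. Anything executable at all in Startup is unusual; it normally
    #    holds only shortcuts (.lnk), so list the rest for a human to judge.
    $files | Where-Object { $_.Extension -ine '.lnk' } |
        ForEach-Object { Write-Host "  Non-shortcut in Startup: $($_.Name)" }
}
```

If the script warns about the three named files, do not just delete them and move on. Beagle can download more files and run commands, so the safe assumption is that the machine has had a visitor; change passwords from a different device and get help cleaning it up.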
Stay sharp out there. Fake Claude is ready to take over your laptop, so be careful what you download!
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.