A new phishing campaign has emerged, leveraging the popularity of the AI tool Claude to distribute the PlugX remote access trojan (RAT). A threat actor created a fake website that hosts a download link for a ZIP archive masquerading as a pro version of the Claude application. When users install this package, it mimics the legitimate installation but actually runs a VBScript that stealthily installs PlugX while appearing to launch the legitimate app. This method employs DLL sideloading through a signed antivirus updater executable and is designed to suppress error messages, thereby evading detection. The persistence of the malware is ensured by placing files in the startup folder, and initial scripts self-delete to cover up the attack chain.

Claude: Claude is a family of large language models developed by Anthropic, designed with a focus on safety, helpfulness, and alignment through constitutional AI principles. The model has seen widespread adoption for tasks like coding, analysis, and conversation. In this incident, threat actors exploited Claude’s surging popularity by creating a fake website offering a pro version download that installs PlugX RAT malware alongside the legitimate app.
Malwarebytes: Malwarebytes is a cybersecurity firm that develops endpoint protection platforms to detect and remediate malware, ransomware, and advanced threats. It provides threat intelligence and analysis on emerging campaigns. The company detailed the infection chain of the fake Claude site, highlighting VBScript droppers, DLL sideloading, and PlugX deployment techniques.

```json
{
  "Phishing Lure": "Attackers exploit the popularity of AI tools like Claude for social engineering by mimicking legitimate installers to trick users into downloading trojanized ZIP archives.",
  "Malware Technique": "The campaign uses DLL sideloading with a signed antivirus updater executable to run a PlugX RAT variant, while suppressing errors to avoid detection.",
  "Persistence Method": "Malware artifacts persist only as files in the startup folder, with initial scripts self-deleting to erase evidence of the infection chain."
}
```
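As an added example (not code from the Malwarebytes report or from the campaign itself), the Python sketch below correlates constructed Sysmon-style process and file events into the three observable stages of the chain described above: a script host started from a user-writable folder, a write into the Startup folder by that process tree, and deletion of the script itself. The event field names, hostnames, paths, PIDs and timestamps are assumptions made for the example.

```python
# Added example (not code from the report or from Malwarebytes): a toy correlation
# over constructed Sysmon-style events for the script -> Startup -> self-delete chain.
from datetime import datetime, timedelta

STARTUP_DIR = "\\start menu\\programs\\startup\\"
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\")  # where extracted archives land

def script_path(cmdline):
    """First .vbs argument in a (quoted or bare) command line, lower-cased."""
    return next((t for t in cmdline.lower().replace('"', " ").split()
                 if t.endswith(".vbs")), None)

def detect_startup_dropper(events, window=timedelta(minutes=10)):
    """Flag a script host started from a user-writable folder whose process tree
    writes into the Startup folder and then deletes the script itself."""
    chains, root_of = {}, {}   # root pid -> state; any pid in that tree -> root pid
    for ev in sorted(events, key=lambda e: e["time"]):
        kind, pid = ev["type"], ev["pid"]
        if kind == "process_create":
            if ev.get("parent_pid") in root_of:             # child of a tracked script
                root_of[pid] = root_of[ev["parent_pid"]]
            elif ev["image"].lower().endswith(SCRIPT_HOSTS):
                script = script_path(ev["cmdline"])
                if script and any(d in script for d in USER_WRITABLE):
                    chains[pid] = {"host": ev["host"], "script": script, "start": ev["time"],
                                   "persist": [], "self_deleted": False}
                    root_of[pid] = pid
        elif pid in root_of and ev["time"] - chains[root_of[pid]]["start"] <= window:
            chain, target = chains[root_of[pid]], ev.get("target", "").lower()
            if kind == "file_create" and STARTUP_DIR in target:
                chain["persist"].append(ev["target"])
            elif kind == "file_delete" and target == chain["script"]:
                chain["self_deleted"] = True
    return [c for c in chains.values() if c["persist"] and c["self_deleted"]]

T0 = datetime(2025, 1, 1, 12, 0)
SAMPLE_EVENTS = [  # constructed telemetry: hosts, paths, PIDs and times are made up
    {"type": "process_create", "host": "ws01", "pid": 100, "parent_pid": 1, "time": T0,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\a\Downloads\Claude-Pro\setup.vbs"'},
    {"type": "process_create", "host": "ws01", "pid": 101, "parent_pid": 100, "cmdline": "helper.exe",
     "time": T0 + timedelta(seconds=2), "image": r"C:\Users\a\AppData\Local\Temp\helper.exe"},
    {"type": "file_create", "host": "ws01", "pid": 101, "time": T0 + timedelta(seconds=3),
     "target": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.exe"},
    {"type": "file_delete", "host": "ws01", "pid": 100, "time": T0 + timedelta(seconds=5),
     "target": r"C:\Users\a\Downloads\Claude-Pro\setup.vbs"},
]
```

Run against real telemetry, the same three conditions (script host from a user-writable path, Startup write by its descendants, self-deletion) map directly onto process-creation, file-creation and file-deletion events; a script launched from a system or vendor directory is deliberately not tracked.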
