Fake Claude site installs malware that gives attackers access to your computer
6 hours ago
- #Malware Analysis
- #Cyber Threat
- #PlugX
- A fake Claude website distributes a trojanized installer deploying PlugX malware.
- The malware uses DLL sideloading via a legitimate G DATA updater (NOVUpdate.exe) to avoid detection.
- The dropper script hides malicious activity and self-deletes after deploying payloads to the Startup folder.
- Sandbox analysis shows rapid C2 communication to an Alibaba Cloud IP (8.217.190.58:443).
- Similar PlugX campaigns have been recently documented, indicating reuse of techniques with new lures.
- Users should download Claude only from the official site and check for the specific IOCs (the C2 address and the sideloaded updater) to detect infection.
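As an added defender-side illustration of the last point (this is example code, not from the article or from any of the vendors named), the script below checks the two IOCs the summary gives: a connection to 8.217.190.58:443, and a copy of NOVUpdate.exe planted in a Windows Startup folder next to a DLL, which is the sideloading layout described. The firewall log format, the host names, the DLL name `somelib.dll` and all file paths are constructed samples; the article does not name the sideloaded DLL, so that value is a placeholder.

```python
import re
from pathlib import PureWindowsPath

# IOCs taken from the article summary
C2_IP = "8.217.190.58"
C2_PORT = 443
SIDELOAD_HOST = "novupdate.exe"   # legitimate G DATA updater abused for DLL sideloading

# Constructed firewall log lines (not real telemetry); the field layout is an assumption.
SAMPLE_FIREWALL_LOG = """\
2024-01-01T10:00:01Z ALLOW src=10.0.0.5:51234 dst=142.250.74.46:443 proto=tcp
2024-01-01T10:00:03Z ALLOW src=10.0.0.5:51240 dst=8.217.190.58:443 proto=tcp
2024-01-01T10:00:04Z ALLOW src=10.0.0.7:51301 dst=8.217.190.58:80 proto=tcp
2024-01-01T10:00:09Z DENY  src=10.0.0.5:51250 dst=8.217.190.58:443 proto=tcp
"""

LOG_RE = re.compile(r"src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)")


def find_c2_hits(log_text):
    """Return (line_no, src_ip, action) for each line whose destination is the C2 IP:port.

    Both ALLOW and DENY lines are reported: a denied attempt still means the host
    tried to reach the C2 and is worth triaging.
    """
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        if m.group("dst") == C2_IP and int(m.group("dport")) == C2_PORT:
            action = line.split()[1]
            hits.append((n, m.group("src"), action))
    return hits


# Constructed directory listing; the Startup paths follow the standard Windows layout,
# the file names other than NOVUpdate.exe are placeholders.
SAMPLE_STARTUP_LISTING = [
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NOVUpdate.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\somelib.dll",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\OneDrive.lnk",
    r"C:\Program Files (x86)\G DATA\NOVUpdate.exe",
]


def startup_sideload_candidates(paths):
    """Flag the updater EXE sitting in a Startup folder beside a DLL (sideload layout).

    A NOVUpdate.exe under its vendor's install directory is normal and is not flagged;
    the suspicious case is the same binary copied into a Startup folder with a DLL
    next to it, which is how the dropper in the article persists.
    """
    by_dir = {}
    for p in paths:
        wp = PureWindowsPath(p)
        by_dir.setdefault(str(wp.parent).lower(), []).append((wp.name, p))

    findings = []
    for d, entries in by_dir.items():
        if not d.endswith("\\startup"):
            continue
        exes = [p for name, p in entries if name.lower() == SIDELOAD_HOST]
        dlls = [name for name, _ in entries if name.lower().endswith(".dll")]
        if exes and dlls:
            findings.append({"exe": exes[0], "dlls": dlls})
    return findings


if __name__ == "__main__":
    for line_no, src, action in find_c2_hits(SAMPLE_FIREWALL_LOG):
        print(f"C2 contact: line {line_no} host {src} ({action})")
    for f in startup_sideload_candidates(SAMPLE_STARTUP_LISTING):
        print(f"Sideload candidate: {f['exe']} with DLLs {f['dlls']}")
```

On a live host you would feed `startup_sideload_candidates` the result of walking the per-user and all-users Startup folders, and `find_c2_hits` the egress logs from your firewall or proxy; the parsing regex will need adjusting to that product's format.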