
Fake Claude AI Site Used to Distribute Beagle Backdoor and PlugX Malware

DEV Community·Achin Bansal·24 days ago

Forensic Summary

Threat actors created a convincing fake website impersonating Anthropic's Claude AI to trick developers into downloading a trojanized installer that deploys the new 'Beagle' backdoor alongside a PlugX malware chain. The campaign specifically targets Claude Code developers by advertising a fraudulent 'high-performance relay service,' suggesting deliberate targeting of the AI developer community. The attack uses DLL sideloading via a legitimate, signed G Data executable to evade detection while establishing persistent remote access.


Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/fake-claude-ai-site-used-to-distribute-beagle-backdoor-and-plugx-malware/
