Too popular? Fake Claude website distributes malware to visitors


Anthropic’s Claude is living the dream, and threat actors have taken note of its popularity. A website pretending to be a legitimate Claude domain was caught serving a remote access trojan to its visitors.

According to Malwarebytes, a cybersecurity company that discovered the scheme, Claude’s rapid growth – nearly 290 million web visits per month – has made it an attractive target for attackers.

This campaign shows how easy it is to fall for a fake site. Researchers found that the fake website hosts a download link pointing to a ZIP archive containing a purported "pro" version of the large language model.


In reality, the file contains an MSI installer that mimics the legitimate Anthropic installation chain.

Importantly, the installer still installs the real Claude application. But when the user then tries to launch the Claude app via the desktop shortcut, a VBScript dropper begins installing malware in the background.


As Malwarebytes explains on its blog, the installer installs to C:\Program Files (x86)\Anthropic\Claude\Cluade\ – a path designed to mimic a legitimate Anthropic installation, complete with a reference to Squirrel, the update framework that real Electron-based applications like Claude use.

The misspelling “Cluade” is a clear red flag. But if a victim doesn’t see it and continues with the installation, the VBScript drops three files in the startup folder, including NOVUpdate.exe, a signed G Data antivirus updater abused for DLL sideloading to execute a PlugX malware variant.

“This pattern – a signed executable, a trojanized DLL, and an encrypted data file forming a three-component sideloading triad – is characteristic of the PlugX malware family, a remote access Trojan tracked in espionage campaigns since at least 2008,” said Malwarebytes.
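As a defender-side illustration of the indicators described above (an added example, not Malwarebytes' own tooling), the following Python snippet triages a file listing for the Startup-folder triad and for the misspelled "Cluade" install directory. The Startup path, the DLL and data-file names are constructed placeholders, and the `signed` flag is assumed to come from whatever Authenticode-checking tool you already run.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Indicators quoted in the article; everything else below is a constructed placeholder.
KNOWN_LOADER = "novupdate.exe"
MISSPELLED_DIR = "cluade"
STARTUP_MARKER = r"start menu\programs\startup"

@dataclass(frozen=True)
class Entry:
    path: str     # full Windows path of the file
    signed: bool  # Authenticode signature present, as reported by your existing tooling

def classify(entries):
    """Flag the misspelled install path and the EXE + DLL + data-file triad in a Startup folder."""
    findings = []
    startup = {}  # folder -> entries that live in a Startup folder
    for e in entries:
        p = PureWindowsPath(e.path)
        if MISSPELLED_DIR in (part.lower() for part in p.parts):
            findings.append(("misspelled-install-path", e.path))
        folder = str(p.parent).lower()
        if folder.endswith(STARTUP_MARKER):
            startup.setdefault(folder, []).append(e)
    for folder, files in startup.items():
        names = [f.path.lower() for f in files]
        signed_exes = [f for f in files if f.signed and f.path.lower().endswith(".exe")]
        has_dll = any(n.endswith(".dll") for n in names)
        # Shortcuts (.lnk) are normal in Startup; anything else that is not code counts as a data blob
        has_data = any(not n.endswith((".exe", ".dll", ".lnk")) for n in names)
        for f in files:
            if PureWindowsPath(f.path).name.lower() == KNOWN_LOADER:
                findings.append(("known-sideload-host", f.path))
        if signed_exes and has_dll and has_data:
            findings.append(("sideloading-triad", folder))
    return findings

STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE = [  # constructed listing; DLL and data-file names are placeholders, not campaign indicators
    Entry(STARTUP + r"\NOVUpdate.exe", True),
    Entry(STARTUP + r"\placeholder.dll", False),
    Entry(STARTUP + r"\placeholder.dat", False),
    Entry(STARTUP + r"\OneDrive.lnk", False),
    Entry(r"C:\Program Files (x86)\Anthropic\Claude\Cluade\Claude.exe", True),
]

if __name__ == "__main__":
    for reason, where in classify(SAMPLE):
        print(f"{reason}: {where}")
```

A real triage would feed `classify` the output of a directory walk over every user's Startup folder plus the all-users one, with `signed` filled in from a signature check.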


PlugX has historically been associated with espionage operators linked to Chinese state interests. However, researchers note that PlugX source code has circulated in underground forums, broadening the pool of potential operators.

“What is clear is that the operators behind this campaign have combined a proven sideloading technique with a timely social engineering lure – exploiting the surging popularity of AI tools to trick users into running a trojanized installer,” Malwarebytes said.


It’s not the first case of attackers attempting to exploit Claude’s popularity – or vulnerabilities.

For example, a critical zero-click vulnerability, discovered in late 2025 by a security researcher through HackerOne in Anthropic’s Claude Chrome Extension, exposed millions of users to potential account takeover attacks simply by visiting a malicious website.
