Fake Claude Site Installs Malware That Gives Attackers Access to Your Computer
Attackers have set up a convincing fake Claude download site that delivers a working copy of the app while secretly installing PlugX malware in the background.
The installer uses a DLL sideloading trick with a legitimate G DATA updater, so the infection looks normal and can stay hidden.
Malwarebytes found that the malware quickly called out to a remote server, added files to the Windows Startup folder, and deleted parts of its own installer to make detection harder.
Why This Matters
This shows how cybercriminals are exploiting interest in AI tools with polished fake sites and familiar branding. As more business professionals explore AI platforms like Claude, attackers are counting on urgency and unfamiliarity to trick users into downloading from the wrong source.
What You Should Do
- Download Claude only from the official site — never from third-party links or search ads.
- Check for suspicious files or a misspelled “Cluade” folder on your system if you think you may have been affected.
- Keep your security software up to date and run a scan if anything looks off.
This is a timely reminder that data safety and cybersecurity go hand in hand with adopting AI tools. Always verify the source before downloading any software — especially when it involves tools you use for work.
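The checks above can be scripted for a quick, read-only look at a Windows machine. The PowerShell below is an added example, not part of the original article or Malwarebytes' tooling. It looks for a folder named "Cluade", lists Startup folder entries, and flags DLLs without a valid signature that sit next to a validly signed EXE (the sideloading layout described above). The search roots, the depth limit and the function name `Get-SideloadCandidate` are assumptions, because the article does not say where the files are placed.

```powershell
# Added triage example (not from the original article). Read-only: lists files, changes nothing.
# Assumption: these roots are common install locations; the article gives no exact path.
$roots = @($env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. Folders carrying the misspelled name mentioned in the article.
$cluadeDirs = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Directory -Recurse -Depth 3 -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like '*Cluade*' }
}

# 2. Per-user and all-users Startup folders, newest entries first.
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$startupItems = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' }
}

# 3. Sideloading layout: a validly signed EXE with a DLL beside it that is not validly signed.
function Get-SideloadCandidate {
    param([string[]]$Directory)
    foreach ($dir in $Directory) {
        $files = @(Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue)
        $signedExe = @($files | Where-Object { $_.Extension -eq '.exe' -and
            (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status -eq 'Valid' })
        if ($signedExe.Count -eq 0) { continue }
        foreach ($dll in ($files | Where-Object { $_.Extension -eq '.dll' })) {
            $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Dll       = $dll.FullName
                    Status    = $sig.Status
                    SignedExe = ($signedExe.Name -join ', ')
                }
            }
        }
    }
}

'--- Folders named like "Cluade" ---'
$cluadeDirs | Select-Object FullName, CreationTime | Format-Table -AutoSize
'--- Startup folder entries ---'
$startupItems | Sort-Object CreationTime -Descending |
    Select-Object FullName, CreationTime | Format-Table -AutoSize
'--- Unsigned or invalid DLLs next to a signed EXE ---'
$scanDirs = @($cluadeDirs | ForEach-Object { $_.FullName }) + @($startupDirs)
Get-SideloadCandidate -Directory $scanDirs | Format-Table -AutoSize
```

An empty result does not prove the machine is clean, since the article notes the malware deletes parts of its own installer; treat any hit as a reason to isolate the host and run a full scan.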

