Particle.news

Fake Claude AI Site Pushes New 'Beagle' Windows Backdoor

Researchers warn the installer abuses a signed antivirus updater to run the backdoor in memory.

Overview

  • Sophos X-Ops, which published new analysis Thursday, says a look-alike site at claude-pro[.]com lures users to download a 505 MB “Claude-Pro Relay” archive that begins the attack.
  • The MSI installer drops a signed G DATA updater renamed NOVupdate.exe, a malicious avk.dll, and an encrypted data file into the Startup folder to trigger a DLL sideload.
  • The sideloaded DLL decrypts the payload and launches DonutLoader in memory, which then runs the Beagle backdoor without writing it to disk.
  • Beagle can run shell commands and move files, and it talks to license.claude-pro[.]com over TCP 443 or UDP 8080 using an embedded AES key, with the server hosted at 8.217.190[.]58 in an Alibaba Cloud range.
  • Investigators linked related samples from February through April that reused the same XOR key and alternate delivery chains, noted malware delivery through Cloudflare with C2 on Alibaba Cloud, and urged users to install Claude only from the official site and to treat NOVupdate files as a red flag.
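The two places a defender can look for this chain are the Startup folder (the renamed updater next to avk.dll) and outbound connections to the reported C2. The script below is an added example written for this summary, not code from Sophos X-Ops or Particle; it uses only the file names, hosts, address and ports quoted above, while the Startup folder contents, the `key=value` connection-log format and the log lines themselves are constructed for the demo.

```python
"""Host- and network-side checks for the Beagle indicators named in the summary.

Added example (not Sophos X-Ops or Particle code). The file names, hosts, IP
address and ports are the ones quoted on the page; the Startup folder contents
and the log lines are constructed for the demo, and the log format is assumed.
"""
from pathlib import Path
import tempfile

# Indicators as quoted on the page, kept defanged so they are not clickable.
DEFANGED_DOMAINS = ["claude-pro[.]com", "license.claude-pro[.]com"]
DEFANGED_C2_IP = "8.217.190[.]58"
C2_PORTS = {("tcp", 443), ("udp", 8080)}
# Renamed signed G DATA updater plus the DLL it sideloads.
SIDELOAD_PAIR = {"novupdate.exe", "avk.dll"}


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'a[.]b' back into 'a.b' for matching."""
    return indicator.replace("[.]", ".")


C2_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}
C2_IP = refang(DEFANGED_C2_IP)
C2_PARENT = refang(DEFANGED_DOMAINS[0])


def scan_startup_folder(startup_dir) -> list:
    """List findings for the updater/DLL pair in a Startup folder.

    Either file alone is only a hint (NOVupdate.exe is a legitimately signed
    binary); both together is the pattern the report describes.
    """
    names = {p.name.lower() for p in Path(startup_dir).iterdir() if p.is_file()}
    findings = [f"medium: {n} present in Startup folder" for n in sorted(SIDELOAD_PAIR & names)]
    if SIDELOAD_PAIR <= names:
        findings.append("high: NOVupdate.exe and avk.dll together match the Beagle sideload chain")
    return findings


def parse_kv_line(line: str) -> dict:
    """Parse an assumed 'key=value key=value ...' connection log line."""
    rec = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            rec[key] = value
    return rec


def scan_network_log(lines) -> list:
    """Return (line_number, reason) for connections matching the C2 indicators.

    A port alone is never enough (443/tcp is everywhere), so the port only adds
    detail to a domain or address match.
    """
    hits = []
    for num, line in enumerate(lines, start=1):
        rec = parse_kv_line(line)
        host = rec.get("host", "").lower().rstrip(".")
        dst = rec.get("dst", "")
        proto = rec.get("proto", "").lower()
        port = int(rec["dport"]) if rec.get("dport", "").isdigit() else 0
        on_c2_port = (proto, port) in C2_PORTS
        detail = f" over {proto}/{port}" + ("" if on_c2_port else " (unexpected port)")
        if host in C2_DOMAINS or host.endswith("." + C2_PARENT):
            hits.append((num, f"C2 domain {host}{detail}"))
        elif dst == C2_IP:
            hits.append((num, f"C2 address {dst}{detail}"))
    return hits


# Constructed sample: one benign connection, two C2 contacts, one unrelated 8080.
SAMPLE_LOG = [
    "ts=2025-04-10T09:00:00Z proto=tcp dst=203.0.113.10 dport=443 host=example.com",
    "ts=2025-04-10T09:00:05Z proto=tcp dst=8.217.190.58 dport=443 host=license.claude-pro.com",
    "ts=2025-04-10T09:00:09Z proto=udp dst=8.217.190.58 dport=8080 host=-",
    "ts=2025-04-10T09:01:00Z proto=tcp dst=10.0.0.5 dport=8080 host=intranet.local",
]


def build_sample_startup_folder() -> str:
    """Create a temp folder mimicking an infected Startup folder (constructed)."""
    folder = tempfile.mkdtemp(prefix="startup_demo_")
    for name in ("NOVupdate.exe", "avk.dll", "desktop.ini"):
        (Path(folder) / name).write_bytes(b"placeholder")  # no real binaries
    return folder


if __name__ == "__main__":
    for finding in scan_startup_folder(build_sample_startup_folder()):
        print(finding)
    for num, reason in scan_network_log(SAMPLE_LOG):
        print(f"line {num}: {reason}")
```

On a real host, point `scan_startup_folder` at the per-user and all-users Startup folders and feed `scan_network_log` lines from whatever connection logging you already collect, after adapting `parse_kv_line` to that format. The pairing rule matters: NOVupdate.exe is a validly signed G DATA binary, so its presence alone only earns a medium finding, while the same file beside avk.dll in Startup is the chain the report describes.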