Cybersecurity researchers at Sophos X-Ops have discovered a previously undocumented malware backdoor, dubbed “Beagle,” being distributed through a fake website impersonating Anthropic’s Claude AI platform.
The malicious website, posing as a legitimate Claude AI download portal, offers a fraudulent “Claude-Pro Relay” application that delivers malware disguised as a Windows installer. Researchers believe the campaign is part of an active malvertising operation that leverages sponsored search results and deceptive websites to lure users seeking popular AI tools.
The infection chain was initially suspected to be linked to the well-known PlugX malware family because of similarities in its attack chain, but Sophos found that it instead deploys an open-source in-memory loader called DonutLoader, which then installs the newly identified Beagle backdoor.
Once activated, the malware uses DLL sideloading techniques and encrypted payloads to evade detection. Beagle enables attackers to remotely execute commands, upload and download files, create or delete directories, and maintain persistent access to compromised systems. The malware communicates with command-and-control servers over TCP and UDP connections using encrypted traffic.
Researchers also identified multiple related malware samples dating back to February 2026, suggesting an ongoing campaign that has evolved over time. Some samples used similar encryption methods and delivery techniques but deployed different malware payloads, including tools associated with other cybercriminal operations.
The discovery highlights a growing cybersecurity trend in which threat actors exploit the popularity of artificial intelligence platforms by creating convincing fake websites and malicious advertisements. Sophos warned users to download AI software only from official sources and to remain cautious when clicking sponsored search results or online advertisements.
The company also advised organizations to monitor for indicators of compromise associated with the campaign and to check systems for suspicious files linked to the attack.
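The report describes two artefacts a defender can look for on an endpoint: a DLL planted next to a host executable for sideloading, and an encrypted payload file sitting beside it. The script below is an added example, not code from Sophos X-Ops or from the report, showing one way to triage a directory tree for that layout. The list of commonly abused system DLL names, the set of user-writable directory names, the entropy threshold, and the sample tree (including the placeholder executable name `ClaudeProRelay.exe`) are all assumptions constructed for the example; the page publishes no file names, hashes or other indicators, so none appear here.

```python
"""Endpoint triage for DLL-sideloading and encrypted-payload indicators.

Added example, not Sophos X-Ops code. Walks a directory tree and flags:
  (1) a DLL whose name collides with a common Windows system DLL but that sits
      beside an executable in a user-writable location (classic sideloading layout);
  (2) a neighbouring data file whose Shannon entropy is high enough to suggest
      an encrypted or packed payload blob.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: illustrative DLL names often used in sideloading, not taken from the report.
COMMON_SYSTEM_DLLS = {
    "version.dll", "dbghelp.dll", "wtsapi32.dll", "msimg32.dll",
    "cryptbase.dll", "uxtheme.dll", "dwmapi.dll",
}

# Directory names (compared case-insensitively) that mark user-writable locations.
USER_WRITABLE_DIRS = {"appdata", "temp", "downloads", "programdata", "public"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, in the range 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root, entropy_threshold=7.5, min_blob_size=4096, sample_bytes=1 << 20):
    """Return a list of finding dicts for the tree rooted at `root`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        lower = {f: f.lower() for f in files}
        exes = sorted(f for f, l in lower.items() if l.endswith(".exe"))
        if not exes:
            continue  # sideloading needs a host executable in the same directory
        user_writable = any(p.lower() in USER_WRITABLE_DIRS for p in Path(dirpath).parts)
        for name, l in lower.items():
            full = os.path.join(dirpath, name)
            if l.endswith(".dll"):
                if l in COMMON_SYSTEM_DLLS:
                    findings.append({
                        "type": "sideload_candidate", "path": full,
                        "host_exes": exes, "user_writable": user_writable,
                    })
            elif not l.endswith(".exe"):
                size = os.path.getsize(full)
                if size < min_blob_size:
                    continue  # too small to be a meaningful payload blob
                with open(full, "rb") as fh:
                    ent = shannon_entropy(fh.read(sample_bytes))
                if ent >= entropy_threshold:
                    findings.append({
                        "type": "high_entropy_blob", "path": full,
                        "entropy": round(ent, 2), "size": size,
                    })
    return findings


def build_sample_tree(base):
    """Constructed sample layout (not real IoCs): a fake installer drop and a clean vendor app."""
    drop = Path(base) / "Users" / "alice" / "AppData" / "Roaming" / "ClaudeProRelay"
    drop.mkdir(parents=True)
    (drop / "ClaudeProRelay.exe").write_bytes(b"MZ" + b"\x00" * 512)  # placeholder host binary
    (drop / "version.dll").write_bytes(b"MZ" + b"\x00" * 512)         # system-DLL name collision
    (drop / "payload.dat").write_bytes(os.urandom(8192))              # stands in for an encrypted blob

    clean = Path(base) / "Program Files" / "VendorApp"
    clean.mkdir(parents=True)
    (clean / "VendorApp.exe").write_bytes(b"MZ" + b"\x00" * 512)
    (clean / "vendorlib.dll").write_bytes(b"MZ" + b"\x00" * 512)
    (clean / "readme.txt").write_bytes(b"VendorApp release notes\n" * 300)  # 7200 bytes, low entropy
    return str(drop), str(clean)


def demo():
    """Build the sample tree, scan it, and summarise which findings land where."""
    with tempfile.TemporaryDirectory() as tmp:
        drop, clean = build_sample_tree(tmp)
        findings = scan_tree(tmp)
        return {
            "drop_types": sorted(f["type"] for f in findings if f["path"].startswith(drop)),
            "drop_user_writable": all(f.get("user_writable", True) for f in findings if f["path"].startswith(drop)),
            "clean_hits": [f for f in findings if f["path"].startswith(clean)],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run against a real machine, `scan_tree` would be pointed at user profile and temp directories rather than a temporary sample tree; the name-collision and entropy heuristics are deliberately loose and should be read as triage leads for a closer look, not as a verdict on their own.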