Donuts and Beagles: Fake Claude site spreads backdoor
A fraudulent website impersonating Anthropic's Claude AI platform distributes a previously undocumented backdoor called Beagle via malvertising. Victims are tricked into downloading a fake tool, Claude-Pro Relay, which uses DLL sideloading exploiting a signed G DATA antivirus updater to execute malicious code. Beagle supports multiple commands such as shell execution and file transfer, communicating with command and control servers using AES encryption. Variants also deploy the AdaptixC2 framework. The threat infrastructure uses Cloudflare for distribution and Alibaba Cloud for command and control. Additional domains impersonate well-known security vendors to facilitate the campaign. No official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
This malware campaign involves a fake Claude AI platform website distributing a backdoor named Beagle through malvertising. The infection chain leverages DLL sideloading by abusing a signed G DATA antivirus updater to load malicious payloads. Beagle backdoor supports eight commands including shell execution, file transfer, and directory listing, communicating with its C2 servers via AES encryption. Some samples date back to February 2026 and include variants deploying the AdaptixC2 framework. The attackers also impersonate domains of security vendors like Trellix, CrowdStrike, and SentinelOne. The infrastructure uses Cloudflare for malware distribution and Alibaba Cloud for command and control operations. There are no known exploits in the wild beyond this campaign, and no vendor advisories or patches have been identified.
Potential Impact
The Beagle backdoor enables attackers to execute arbitrary shell commands, transfer files, and enumerate directories on compromised systems, potentially allowing extensive unauthorized control. The use of DLL sideloading with a signed antivirus updater may bypass some security controls. The campaign's use of malvertising and impersonation of trusted security vendors increases the likelihood of victim infection. However, no known widespread exploitation or additional threat actor attribution has been confirmed.
Mitigation Recommendations
No official patch or remediation guidance is currently available for this threat. Defenders should block access to the identified malicious domains (claude-pro.com and license.claude-pro.com) and monitor for indicators of compromise related to DLL sideloading of the G DATA antivirus updater. Since this is a malware distribution campaign relying on social engineering, user awareness and blocking malvertising sources are recommended. Check vendor advisories regularly for updates on detection and remediation.
Indicators of Compromise
- domain: claude-pro.com
- domain: license.claude-pro.com
Donuts and Beagles: Fake Claude site spreads backdoor
Description
A fraudulent website impersonating Anthropic's Claude AI platform distributes a previously undocumented backdoor called Beagle via malvertising. Victims are tricked into downloading a fake tool, Claude-Pro Relay, which uses DLL sideloading exploiting a signed G DATA antivirus updater to execute malicious code. Beagle supports multiple commands such as shell execution and file transfer, communicating with command and control servers using AES encryption. Variants also deploy the AdaptixC2 framework. The threat infrastructure uses Cloudflare for distribution and Alibaba Cloud for command and control. Additional domains impersonate well-known security vendors to facilitate the campaign. No official patch or remediation guidance is currently available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This malware campaign involves a fake Claude AI platform website distributing a backdoor named Beagle through malvertising. The infection chain leverages DLL sideloading by abusing a signed G DATA antivirus updater to load malicious payloads. Beagle backdoor supports eight commands including shell execution, file transfer, and directory listing, communicating with its C2 servers via AES encryption. Some samples date back to February 2026 and include variants deploying the AdaptixC2 framework. The attackers also impersonate domains of security vendors like Trellix, CrowdStrike, and SentinelOne. The infrastructure uses Cloudflare for malware distribution and Alibaba Cloud for command and control operations. There are no known exploits in the wild beyond this campaign, and no vendor advisories or patches have been identified.
Potential Impact
The Beagle backdoor enables attackers to execute arbitrary shell commands, transfer files, and enumerate directories on compromised systems, potentially allowing extensive unauthorized control. The use of DLL sideloading with a signed antivirus updater may bypass some security controls. The campaign's use of malvertising and impersonation of trusted security vendors increases the likelihood of victim infection. However, no known widespread exploitation or additional threat actor attribution has been confirmed.
Mitigation Recommendations
No official patch or remediation guidance is currently available for this threat. Defenders should block access to the identified malicious domains (claude-pro.com and license.claude-pro.com) and monitor for indicators of compromise related to DLL sideloading of the G DATA antivirus updater. Since this is a malware distribution campaign relying on social engineering, user awareness and blocking malvertising sources are recommended. Check vendor advisories regularly for updates on detection and remediation.
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor"]
- Adversary
- null
- Pulse Id
- 69fcc63f1dce161fc2f8380c
- Threat Score
- null
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainclaude-pro.com | — | |
domainlicense.claude-pro.com | — |
Threat ID: 69fda78fcbff5d8610b5622d
Added to database: 5/8/2026, 9:06:23 AM
Last enriched: 5/8/2026, 9:21:34 AM
Last updated: 5/8/2026, 1:51:50 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.