Fake Claude AI Installer Targets Windows Users with PlugX Malware

Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems.

Cybersecurity experts from Malwarebytes have found a malicious new campaign where scammers use the popularity of Anthropic’s AI tool Claude to spread malware. Reportedly, hackers made a fake website that looks just like the official one from Anthropic and offers a Pro version of the tool for Windows to lure people into downloading a malicious file.

The scam kicks in after the user is led to visit a site via phishing emails and downloads a folder named Claude-Pro-windows-x64.zip. There’s an n MSI installer inside it that places a shortcut called Claude AI.lnk on the desktop, which runs a VBScript when clicked.

This script first launches the original Claude app to keep the user distracted and simultaneously installs the PlugX malware to allow hackers to ...