# Threat Actors Deploy Fake Claude Website to Distribute PlugX RAT Malware


A sophisticated social engineering campaign is leveraging counterfeit Anthropic installation pages to distribute the notorious PlugX remote access trojan (RAT), researchers have discovered. The attack combines credential theft tactics with advanced persistence techniques, highlighting the ongoing risk that legitimate software distribution channels remain prime targets for malware operators.


## The Threat


Security researchers have identified a malicious campaign distributing PlugX RAT through a fraudulent website impersonating Anthropic's official Claude AI installation portal. The attack leverages visual mimicry of legitimate software distribution practices combined with DLL sideloading—a technique that exploits how Windows loads dynamic libraries—to execute malicious code while evading detection.


What makes this campaign particularly concerning is its sophistication:


  • Credential harvesting: The fake website collects user credentials during the installation process
  • Persistent execution: Uses DLL sideloading to establish reliable malware persistence
  • Anti-forensics: The malware actively cleans up artifacts to remove evidence of compromise
  • High-value targeting: PlugX is historically deployed against government agencies, enterprises, and security researchers

The campaign demonstrates how threat actors continue to exploit trust in legitimate software distribution to compromise high-value targets.


## Background and Context


### About PlugX RAT


PlugX is a notorious remote access trojan with a long history of use by Chinese state-sponsored APT groups, including APT1 (Comment Crew) and Mustang Panda. The malware has been documented in attacks dating back to at least 2012 and remains one of the most persistent threats in the cyber espionage landscape.


Key characteristics of PlugX:

  • Full remote code execution and system access
  • File exfiltration and keystroke logging
  • Process injection and lateral movement capabilities
  • Modular architecture supporting custom plugins
  • Frequent updates and variants to evade detection

### DLL Sideloading as Persistence


DLL sideloading abuses the way Windows resolves the location of a dynamic library. When a trusted application (such as a legitimate software installer) loads a DLL, Windows searches a fixed sequence of directories for it, including the application's own directory. Attackers place a malicious DLL where it will be found first, so the legitimate application executes attacker code without triggering security warnings.


This technique is particularly effective because:

  • The parent process is signed and trusted by Windows
  • Legitimate application execution provides cover for malware activity
  • Security tools may whitelist the legitimate parent process
  • Detection requires inspecting DLL integrity, not just process reputation

## Technical Details


### Attack Chain


The campaign employs a multi-stage infection process:


| Stage | Action | Purpose |
|-------|--------|---------|
| 1 | User visits fake Claude website | Social engineering |
| 2 | Downloads "installer" package | Contains legitimate signed binary + malicious DLL |
| 3 | Legitimate installer executes | Windows loads malicious DLL via sideloading |
| 4 | PlugX RAT instantiates | Reverse shell connects to attacker C2 |
| 5 | Cleanup routines execute | Removes installer artifacts and logs |


### Website Spoofing


The threat actors invested substantial effort in mimicking Anthropic's official installation experience. The fake website reportedly:


  • Mirrors official design: Copied Anthropic's branding, layout, and user interface
  • Mimics download flow: Replicates the legitimate software distribution workflow
  • Uses SSL certificates: Likely obtained through legitimate certificate authorities (possibly via compromised domains)
  • Displays legitimate-looking metadata: File signatures, version information, and publisher details appear authentic

### DLL Sideloading Implementation


The specific DLL sideloading technique leverages a legitimate Windows binary bundled with Claude. When the installation routine executes this binary, it searches for required libraries. Attackers place a malicious DLL in the installation directory, achieving code execution before security software can intervene.


The cleanup functionality—actively removing installation artifacts, temporary files, and potentially forensic evidence—suggests sophisticated development and familiarity with endpoint detection and response (EDR) evasion.


## Implications for Organizations


### Risk to Users


Direct users: Anyone downloading software from the fake website receives the PlugX payload. Victims experience:

  • Complete system compromise: Full remote access to attackers
  • Data exfiltration: Credentials, documents, and sensitive files are accessible to threat actors
  • Lateral movement enablement: Compromised systems become pivot points for network-wide attacks
  • Supply chain compromise: Legitimate software channels become attack vectors

### Broader Security Ecosystem Impact


This campaign illustrates several concerning trends:


1. Software distribution supply chain risk: Legitimate software remains a high-value attack surface
2. Credential theft sophistication: Users cannot visually distinguish authentic sites from forgeries
3. APT capability advancement: Nation-state groups continue evolving social engineering and evasion techniques
4. Detection evasion: Anti-forensics functionality suggests attackers operate with confidence in evading traditional analysis


### Targeted Organizations


PlugX's historical targeting patterns suggest this campaign likely aims at:

  • Government agencies and defense contractors
  • Critical infrastructure operators (energy, telecommunications, water)
  • Technology companies and software developers
  • Security researchers and threat intelligence analysts
  • Diplomatic and intelligence organizations

## Recommendations


### For Individual Users


Immediate actions:

  • Verify URLs carefully: Only download from officially published URLs; bookmark official sites rather than searching
  • Check digital signatures: Validate software publisher signatures and certificate chains before installation
  • Monitor downloads: Pay attention to download sources and distribution mechanisms
  • Update immediately: If you downloaded Claude from unfamiliar sources, assume compromise and perform malware scans
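An added example for the "Verify URLs carefully" item, not code from the original report: a download link is accepted only when its registrable domain exactly matches an allowlist, which is the check that defeats lookalike sites carrying the brand name somewhere in the URL. The allowlist, the sample URLs and the two-label domain rule are assumptions made for this example.

```python
"""Accept a download link only if its registrable domain is exactly on an allowlist.

Allowlist, sample URLs and the two-label domain rule are assumptions for this example.
"""
from urllib.parse import urlsplit

ALLOWED_DOMAINS = {"anthropic.com", "claude.ai"}  # assumed allowlist

def registrable_domain(host: str) -> str:
    """Last two labels of the host; a real deployment should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def download_verdict(url: str) -> tuple[bool, str]:
    """Return (allowed, reason). A brand name appearing somewhere in the URL counts for nothing."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "not https"
    if "@" in parts.netloc:
        return False, "userinfo before '@' hides the real host"
    host = parts.hostname or ""
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label (possible homograph)"
    domain = registrable_domain(host)
    if domain not in ALLOWED_DOMAINS:
        return False, f"registrable domain {domain!r} is not allowlisted"
    return True, "ok"

def audit(urls: list[str]) -> dict[str, tuple[bool, str]]:
    """Verdict for every URL in the list."""
    return {u: download_verdict(u) for u in urls}

SAMPLE_URLS = [  # constructed samples
    "https://claude.ai/download",
    "https://www.anthropic.com/claude/download",
    "https://claude.ai.example-cdn.com/ClaudeSetup.exe",  # brand as a subdomain of another domain
    "https://anthropic-download.com/claude",              # brand inside a different registrable domain
    "http://claude.ai/download",                          # right domain, no TLS
    "https://anthropic.com@evil.example/setup.exe",       # brand as userinfo; real host is evil.example
]

if __name__ == "__main__":
    for url, (ok, why) in audit(SAMPLE_URLS).items():
        print("ALLOW" if ok else "BLOCK", url, "-", why)
```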

Ongoing practices:

  • Use URL verification browser extensions (e.g., browser warnings for suspicious domains)
  • Implement multi-factor authentication on high-value accounts
  • Maintain offline backups of critical data
  • Subscribe to official announcement channels (mailing lists, social media) for software updates

### For Organizations


Detection and response:

  • Hunt for PlugX indicators: Use known file hashes, C2 domains, and network signatures to search for compromise
  • Inspect DLL loading: Monitor unusual DLL sideloading patterns in execution logs
  • Review installation artifacts: Search for temporary files or unusual library staging in application directories
  • Analyze network connections: Identify connections to known PlugX command-and-control infrastructure
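A detection check for the "Inspect DLL loading" item above and for the loading behaviour described under "DLL Sideloading as Persistence", added here as an example and not part of the original report. It runs a sideloading heuristic over Sysmon Event ID 7 (ImageLoaded) records; the records, the user-writable directory hints and the publisher list are constructed assumptions.

```python
"""Heuristic sideloading check over Sysmon Event ID 7 (ImageLoaded) records.

All records below are constructed samples, not telemetry from the campaign.
"""
from pathlib import PureWindowsPath

# Locations an ordinary user can write to, where a downloaded "installer" can stage a DLL (assumed).
USER_WRITABLE_HINTS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\downloads\\")
# Publishers whose DLLs are always signed; an unsigned DLL claiming one is suspect (assumed list).
EXPECTED_SIGNED_COMPANIES = {"microsoft corporation", "anthropic", "anthropic, pbc"}

def signature_ok(ev: dict) -> bool:
    """Sysmon reports Signed and SignatureStatus for the loaded image."""
    return ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"

def classify_load(ev: dict) -> list[str]:
    """Return the reasons one ImageLoaded record looks like sideloading (empty list = benign)."""
    proc_dir = str(PureWindowsPath(ev["Image"]).parent).lower()
    dll_dir = str(PureWindowsPath(ev["ImageLoaded"]).parent).lower()
    reasons = []
    if not signature_ok(ev):
        if dll_dir == proc_dir:
            reasons.append("unsigned DLL loaded from the process's own directory")
        if any(h in dll_dir for h in USER_WRITABLE_HINTS):
            reasons.append("unsigned DLL loaded from a user-writable location")
        if ev.get("Company", "").lower() in EXPECTED_SIGNED_COMPANIES:
            reasons.append("DLL claims a publisher that always signs but has no valid signature")
    return reasons

def hunt(events: list[dict]) -> dict[str, list[str]]:
    """Map each suspicious DLL path to the reasons it was flagged."""
    return {ev["ImageLoaded"]: r for ev in events if (r := classify_load(ev))}

SAMPLE_EVENTS = [  # constructed samples
    {"Image": r"C:\Users\alice\Downloads\ClaudeSetup\setup.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Company": "Microsoft Corporation", "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\alice\Downloads\ClaudeSetup\setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\ClaudeSetup\support.dll",
     "Company": "Microsoft Corporation", "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll",
     "Company": "Vendor", "Signed": "true", "SignatureStatus": "Valid"},
]

if __name__ == "__main__":
    for path, reasons in hunt(SAMPLE_EVENTS).items():
        print(path, "->", "; ".join(reasons))
```

Only the second record is flagged: a signed installer in a user-writable directory loading an unsigned DLL from that same directory, with metadata claiming a publisher that always signs.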

Prevention strategies:

  • Software distribution security: Implement application whitelisting and only permit signed executables
  • URL filtering: Block known malicious domains and monitor for domain spoofing
  • Supply chain controls: Verify digital signatures and monitor software sources
  • User training: Conduct security awareness training on social engineering and credential theft
  • EDR deployment: Deploy endpoint detection and response solutions to identify DLL sideloading and RAT behavior

Incident response:

  • Assume full system compromise; re-image affected systems rather than attempting remediation
  • Rotate all credentials used on compromised systems
  • Conduct forensic analysis to determine data access and exfiltration scope
  • Notify relevant government agencies (CISA, FBI, national authorities) if targeted activity is suspected

## Conclusion


The PlugX RAT campaign distributed through a fake Claude website represents a sophisticated threat that combines social engineering credibility with advanced technical evasion. As software distribution channels remain a reliable attack vector, organizations and users must maintain heightened scrutiny around download sources, implement robust detection controls, and assume that sophisticated threat actors continue evolving their tactics against trusted installation processes.


Security awareness, digital signature verification, and proactive threat hunting remain essential defenses against these campaigns.