Fake Claude AI Site Distributes Beagle Malware via G Data Signed Executables
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON (May 7, 2026) — A fraudulent website impersonating the Claude artificial intelligence platform is distributing a malicious Windows program named Beagle, granting attackers remote access to infected systems. The campaign, detected globally on Wednesday, utilizes a sophisticated chain involving PlugX malware and G Data signed executables to evade security measures.
The malicious operation targets users attempting to access the legitimate AI service. Instead of connecting to the official platform, visitors are directed to a counterfeit site designed to mimic the authentic interface. Once users download what appears to be a necessary update or plugin, the system installs the Beagle malware. This software establishes a command-and-control channel, allowing threat actors to execute commands, steal data, and maintain persistent access to compromised machines.
Security researchers identified a distinct method used to bypass antivirus protections. The attackers are leveraging a technique known as sideloading, utilizing executables that carry valid digital signatures from G Data, a well-known cybersecurity firm. By embedding malicious code within signed files, the campaign attempts to trick security software into treating the threat as legitimate. PlugX, a tool historically associated with advanced persistent threats and state-sponsored espionage, is also present in the infection chain.
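The sideloading pattern described above has a simple defender-side check: a validly signed executable whose co-located DLLs are unsigned or signed by a different publisher deserves a closer look. The following PowerShell script is an added example for triage, not code from the report or from any vendor named in it; the target directory is an assumed placeholder.

```powershell
# Added example: flag DLLs that sit beside an Authenticode-signed executable but are
# unsigned, invalidly signed, or signed by a different publisher (the sideloading shape).
# The default path is an assumption; point it at the folder holding the suspect download.
param([string]$Path = "$env:USERPROFILE\Downloads\suspect")

function Get-SignerName {
    # Return the signer subject only when Windows accepts the signature as valid.
    param([string]$File)
    $sig = Get-AuthenticodeSignature -FilePath $File
    if ($sig.Status -ne 'Valid') { return $null }
    return $sig.SignerCertificate.Subject
}

$findings = @()
Get-ChildItem -Path $Path -Filter *.exe -Recurse -File | ForEach-Object {
    $exe = $_
    $exeSigner = Get-SignerName $exe.FullName
    if (-not $exeSigner) { return }   # unsigned launchers are a separate problem; skip here

    # Only DLLs in the executable's own directory are candidates for sideloading.
    Get-ChildItem -Path $exe.DirectoryName -Filter *.dll -File | ForEach-Object {
        $dllSigner = Get-SignerName $_.FullName
        if ($dllSigner -ne $exeSigner) {
            $findings += [pscustomobject]@{
                Executable = $exe.FullName
                ExeSigner  = $exeSigner
                Dll        = $_.FullName
                DllSigner  = if ($dllSigner) { $dllSigner } else { 'UNSIGNED/INVALID' }
            }
        }
    }
}

$findings | Format-Table -AutoSize
```

A hit is a triage lead, not a verdict: legitimate applications routinely ship third-party DLLs signed by other publishers, so compare each flagged DLL against a known-good copy of the software before acting.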
The scope of the attack is currently global, with no specific geographic concentration identified. The timing of the distribution coincides with increased public interest in generative AI tools, suggesting the threat actors are capitalizing on high-traffic search queries related to the Claude platform. The specific motivation behind the campaign remains unclear, as no ransom demands or data exfiltration claims have been publicly linked to the incident.
Cybersecurity experts warn that the use of valid signatures from reputable vendors significantly complicates detection efforts. Standard antivirus solutions often whitelist signed files, allowing the malicious payload to execute without triggering alerts. This technique represents a shift in tactics, moving beyond traditional phishing emails to more direct exploitation of user trust in established software vendors.
The incident highlights the growing sophistication of cybercriminal groups targeting AI infrastructure. As organizations and individuals increasingly rely on generative AI for daily tasks, the surface area for social engineering attacks expands. The counterfeit site remains active, and the full extent of the compromise is not yet known.
Questions remain regarding the identity of the threat actor responsible for the campaign and the specific objectives of the operation. It is unclear whether the stolen access will be used for financial gain, espionage, or as part of a larger botnet infrastructure. Authorities have not yet issued a formal advisory, and the operators of the fake website have not been identified.
The situation continues to develop as security firms analyze the malware's capabilities and trace the origin of the G Data signed executables. Users are advised to verify the authenticity of AI platforms before downloading any software and to exercise caution when encountering unsolicited updates.