Fake Claude site installs malware that gives attackers access to your computer

Fake Claude site installs malware that gives attackers access to your computer

Don’t have an account? Sign up > Try our antivirus with a free, full-featured 14-day trial Protect your team’s devices and data – no IT skills needed Explore award-winning endpoint security for your business Claude’s rapid growth—nearly 290 million web visits per month—has made it an attractive target for attackers, and this campaign shows how easy it is to fall for a fake site. We discovered a fake website impersonating Anthropic’s Claude to serve a trojanized installer. The domain mimics Claude’s official site, and visitors who download the ZIP archive receive a copy of Claude that installs and runs as expected. But in the background, it deploys a PlugX malware chain that gives attackers remote access to the system. The fake site presents itself as an official download page for a “Pro” version of Claude and offers visitors a file called Claude-Pro-windows-x64.zip. Passive DNS records s

Source: https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer