What's Happening?
A fraudulent website mimicking Anthropic's Claude AI has been identified distributing a new backdoor named Beagle. The site, claude-pro[.]com, offers a fake tool called Claude-Pro Relay; when downloaded and run, it installs the backdoor through a DLL sideloading chain. According to the analysis by Sophos X-Ops, a legitimately signed antivirus updater is used as the host process that loads the malicious DLL, which in turn deploys the Beagle backdoor. The malware supports several operator commands, including shell command execution and file upload/download, and communicates with its command-and-control server over encrypted traffic.
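The detection angle on a sideloading chain like the one described above is that the trusted, signed host executable is not what gives it away; what gives it away is the DLL that executable loads from its own directory. The following Python is an added illustration for this page, not Sophos X-Ops code, and it does not use any indicator from the campaign: it applies two heuristics to Sysmon Event ID 7 (image load) records, whose `Signed`, `Signature` and `SignatureStatus` fields describe the loaded module. The sample records, the process path `updater.exe` under a Downloads folder, and the vendor names are all constructed and hypothetical.

```python
"""
Heuristic DLL sideloading detection over Sysmon Event ID 7 (image load) records.

Added example for this page; not Sophos X-Ops code. All sample events, paths and
publisher names below are constructed and hypothetical, not campaign indicators.
"""
import json
import ntpath

# Windows serves its own DLLs from these directories; a load from here is expected.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")

# DLL names that ship with Windows and are commonly planted next to a trusted executable
# so the loader picks them up first (search-order hijack). Illustrative list, not exhaustive.
COMMON_HIJACK_NAMES = {"version.dll", "userenv.dll", "dbghelp.dll", "wtsapi32.dll", "cryptbase.dll"}


def in_system_dir(path):
    p = path.lower()
    return any(p.startswith(d) for d in SYSTEM_DIRS)


def classify_load(ev):
    """Return a reason string if this image-load event looks like sideloading, else None."""
    image = ev.get("Image", "")
    loaded = ev.get("ImageLoaded", "")
    if not loaded.lower().endswith(".dll") or in_system_dir(loaded):
        return None
    # Sideloading plants the DLL beside the host executable, so require the same directory.
    if ntpath.dirname(loaded).lower() != ntpath.dirname(image).lower():
        return None
    name = ntpath.basename(loaded).lower()
    signature = ev.get("Signature", "")
    unsigned = ev.get("Signed", "false").lower() != "true" or ev.get("SignatureStatus") != "Valid"
    # Rule 1: any unsigned or invalidly signed DLL loaded from the application directory.
    if unsigned:
        return f"unsigned or invalidly signed DLL {name} loaded from application directory"
    # Rule 2: a Windows DLL name loaded from the application directory without Microsoft's signature.
    if name in COMMON_HIJACK_NAMES and "microsoft" not in signature.lower():
        return f"system DLL name {name} loaded from application directory, signed by {signature!r}"
    return None


def detect(jsonl):
    """Scan newline-delimited JSON Sysmon events; return (process, dll, reason) tuples."""
    hits = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        if ev.get("EventID") != 7:
            continue
        reason = classify_load(ev)
        if reason:
            hits.append((ev["Image"], ev["ImageLoaded"], reason))
    return hits


# Constructed sample: a benign system load, an unsigned DLL beside a downloaded updater,
# a benign vendor DLL, a Windows DLL name beside a vendor app, and one non-image-load event.
_host = "C:\\Users\\alice\\Downloads\\relay\\updater.exe"
_vendor = "C:\\Program Files\\Vendor\\app.exe"
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 7, "Image": _host, "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": _host, "ImageLoaded": "C:\\Users\\alice\\Downloads\\relay\\version.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"EventID": 7, "Image": _vendor, "ImageLoaded": "C:\\Program Files\\Vendor\\vendorlib.dll",
     "Signed": "true", "Signature": "Vendor Corp", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": _vendor, "ImageLoaded": "C:\\Program Files\\Vendor\\dbghelp.dll",
     "Signed": "true", "Signature": "Vendor Corp", "SignatureStatus": "Valid"},
    {"EventID": 1, "Image": _host, "CommandLine": "updater.exe /silent"},
])

if __name__ == "__main__":
    for proc, dll, reason in detect(SAMPLE_EVENTS):
        print(f"{proc} -> {dll}: {reason}")
```

Both rules deliberately ignore whether the host process is signed: a valid vendor signature on the updater is exactly what the technique relies on, so an allowlist keyed on the process signer alone would pass the load. Rule 2 will also flag legitimately redistributed Windows DLLs signed by a third party, which is acceptable for a hunting query but would need tuning before use as an alert.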
Why It's Important?
The Beagle campaign shows how the trust users place in a well-known AI product can be turned into a delivery channel: a convincing lookalike domain and a plausible add-on tool are enough to get a backdoor onto the machines of people who went looking for Claude, putting their data and credentials at risk. Two details matter for defenders. First, DLL sideloading through a legitimately signed host executable means a valid code signature on the running process is not evidence that the code it loads is trustworthy; detection has to look at what a signed process loads and from where, not only at who signed it. Second, encrypted command-and-control traffic limits what network inspection alone will catch, so endpoint telemetry on process and module activity is where the chain is most visible. For users, the practical check is simple: obtain Claude only from Anthropic's own domains and treat third-party "pro" or "relay" tools for it as untrusted software.