FCI Cyber Inc.

🔸 (Cyber News) Threat actors are actively exploiting the popularity of Claude by creating convincing fake websites that distribute trojanized installers.

🔸 In this campaign, users downloading a supposed “pro” version unknowingly install legitimate software alongside hidden malware (specifically a PlugX variant) delivered via DLL sideloading.

🔸 Small details, like misspelled file paths, highlight how subtle these attacks can be.

🔸 Organizations should reinforce user awareness around downloading software only from verified domains, implement endpoint detection and response (EDR) to catch sideloading behavior, and restrict ex*****on from user directories and startup folders.

🔸 Given the rise in AI-themed lures, financial services firms and other high-value targets should treat AI tools as part of their attack surface and incorporate them into phishing and threat simulation training.

Too popular? Fake Claude website distributes malware to visitors According to Malwarebytes, the malicious file contains an MSI installer that mimics the legitimate Anthropic installation chain and installs the real Claude application.