Sophos: "Beagle" backdoor distributed via fake Claude AI site using DonutLoader + DLL sideloading on a signed G DATA AV updater

Sophos X-Ops (cluster STAC4713) published a write-up on 2026-05-07 of a malvertising campaign using the counterfeit claude-pro[.]com site to distribute a previously-undocumented Windows backdoor named Beagle (Sophos X-Ops, 2026-05-07 · Malwarebytes, 2026-04-10 (earlier wave)). The chain delivers a 505 MB ZIP archive containing a malicious MSI that sideloads an attacker-controlled DLL alongside a legitimate, signed G DATA antivirus updater executable (T1574.002 DLL Side-Loading). The first-stage DonutLoader shellcode then fetches and injects Beagle into memory. Beagle communicates with license.claude-pro[.]com over TCP/443 and UDP/8080 with AES-encrypted payloads; supported commands are cmd, upload, download, ls. Sophos notes TTP similarity with PlugX operators (BRONZE PRESIDENT / Dragon Breath clusters) but explicitly does not confirm attribution. The campaign's distribution infrastructure was established March 2026 with samples observed in February, April and May.

The targeting class is the operationally important part: counterfeit AI-tooling sites lure technical users — developers, ML engineers, IT admins — who often hold privileged access to source code, cloud environments, and secrets. Defenders should treat AI-tool installer downloads as a high-risk software class and require allow-listed sources (anthropic.com, claude.ai, OS package managers) rather than ad-hoc web search results.