
Cybercriminals have registered a fake website impersonating Anthropic’s Claude AI assistant and are using it to distribute a previously unknown backdoor called Beagle. Visitors to the fraudulent site are invited to download “Claude-Pro Relay,” described as a high-performance tool for developers. The 505 MB installer looks legitimate — it even opens a working Claude interface — but quietly drops three hidden files into your Windows Startup folder that give the attackers complete control of your computer.
Once installed, the Beagle backdoor connects to attacker-controlled servers and allows criminals to run commands, browse your files, upload or download data, and maintain access even after you reboot. The malware is designed to hide inside a signed, trusted program to avoid triggering antivirus alerts. If you searched for Claude online and downloaded it from a site other than claude.ai or anthropic.com, you may be at risk.
How to check if you’re affected
Any Windows computer on which you downloaded and ran a Claude AI installer from a site other than the official claude.ai or anthropic.com domains is affected.
- Open the Windows Startup folder: press Win + R, type shell:startup, and press Enter.
- If you see files named NOVupdate.exe, NOVupdate.exe.dat, or avk.dll, your computer is compromised.
- Check Task Manager (Ctrl + Shift + Esc) for processes named “NOVupdate” running in the background.
- Run a full scan with Windows Defender or your antivirus; update definitions first.
- Change passwords for all accounts you accessed from that computer, starting with email and banking.
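
The Startup folder and Task Manager checks above can also be run from a PowerShell prompt. This is an added example, not part of the original advisory: the three file names and the process name come from the text above, while checking the all-users Startup folder and other user profiles is an assumption that goes beyond the shell:startup step.

```powershell
# Added example. File and process names are the ones listed in this advisory.
$iocNames = 'NOVupdate.exe', 'NOVupdate.exe.dat', 'avk.dll'

# shell:startup opens the current user's Startup folder. The all-users folder
# and other profiles are included as well (assumption; reading other profiles
# needs an elevated prompt).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup')
    [Environment]::GetFolderPath('CommonStartup')
)
$startupDirs += Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' }

$existingDirs = $startupDirs | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Sort-Object -Unique

$fileHits = foreach ($dir in $existingDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $iocNames -contains $_.Name } |   # -contains ignores case
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                SizeBytes = $_.Length
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                # A 'Valid' status does not clear the file: the advisory says the
                # backdoor hides inside a signed, trusted program.
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            }
        }
}

# Same check as looking for "NOVupdate" in Task Manager.
$procHits = Get-Process -Name 'NOVupdate' -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path, StartTime

if ($fileHits -or $procHits) {
    Write-Warning 'Indicators from the advisory were found. Treat this computer as compromised.'
    $fileHits | Format-List
    $procHits | Format-Table -AutoSize
} else {
    Write-Output ('No listed file or process names found in {0} Startup folder(s).' -f @($existingDirs).Count)
}
```

A clean result only means these specific names are absent from the Startup folders and the process list; the full antivirus scan in the steps above still applies.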
