Cybersecurity researchers at Malwarebytes have discovered a fake Claude AI website distributing PlugX malware, a remote access trojan that has been used in espionage campaigns for nearly a decade. The sophisticated attack lures victims with a fake "pro version" of Anthropic's Claude chatbot, which installs the legitimate app but also deploys malicious files through a hidden VBScript dropper that connects to command-and-control servers hosted on Alibaba Cloud. This campaign highlights how threat actors are exploiting the growing popularity of AI tools to trick users into downloading trojanized software. It uses techniques previously seen in Chinese espionage operations, though the malware's code has now spread among multiple threat groups.