The Reveal Platform
Intel Name: Donuts and beagles: fake claude site spreads backdoor
Date of Scan: May 11, 2026
Impact: High
Summary: Cybersecurity risks often hide behind the tools we trust the most to improve our productivity. Recently, a sophisticated campaign emerged that uses a fake Claude site attack to target unsuspecting professionals. This operation, nicknamed “Donuts and Beagles,” shows how easily an adversary can mimic a popular artificial intelligence platform to deceive users. By creating a replica that looks and feels like the real thing, attackers lure employees into downloading staged payloads that initiate multi-step malware execution. This fake Claude site serves as an initial access vector that can deploy a persistent backdoor capable of compromising an entire corporate network.
For executive stakeholders, the emergence of a fake Claude site highlights a critical gap in traditional perimeter defenses. Security is no longer just about blocking known bad actors. It is about understanding how employees interact with the digital world. When a team member visits what they believe is a legitimate AI assistant, they are operating under a veil of trust. Attackers exploit this trust to evade traditional firewalls and security gateways. This trend demands a shift toward a more behavioral approach to security that can identify deception in real time.
The actors behind the campaign involving a fake Claude site are primarily focused on strategic espionage. While many cybercriminals seek quick financial payouts, these groups prioritize long-term access to sensitive information. Their goal is to install a persistent backdoor on high-value workstations, particularly those belonging to researchers, developers, and executives. Once they have this foothold, they can quietly observe business operations and harvest valuable intelligence over several months.
These adversaries are patient and highly resourceful. By focusing on a fake Claude site, they target individuals who are likely to be working on proprietary projects or future innovations. The intelligence gathered could range from product designs to sensitive merger and acquisition details. Because the primary goal is espionage, the attackers go to great lengths to remain undetected. They ensure that the initial infection does not trigger loud alarms, allowing them to maintain a “quiet” presence that standard security tools often miss.
For a CISO or business leader, a compromise originating from a fake Claude site represents a direct threat to the company’s strategic advantage. If an adversary gains a backdoor into your development environment, they are effectively looking over the shoulder of your best talent. This can lead to the loss of intellectual property that took years and millions of dollars to develop. The theft of such assets can change the competitive landscape of an entire industry overnight.
Beyond the loss of data, the operational impact is significant. A persistent backdoor allows an attacker to move laterally through the network. They can jump from a single laptop to sensitive cloud environments or financial systems. The cost of a full forensic investigation and the subsequent cleanup is a major financial burden. Furthermore, the reputational damage can be severe. If clients and partners lose faith in your ability to protect shared data, the long-term impact on your business growth can be devastating. Preventing a fake Claude site from becoming a breach is essential for maintaining market trust.
To understand how a fake Claude site works, imagine a high-end office park where everyone uses a specific concierge service for their daily needs. An attacker sets up a nearly identical concierge desk in the lobby. They wear the same uniform and use the same branding. When a busy executive stops by to drop off a sensitive package, the fake concierge accepts it with a smile. The executive goes back to work, believing their task is handled, while the attacker now has full access to the contents of that package.
In the digital realm, the fake Claude site functions exactly like that fraudulent concierge. Attackers use search engine optimization or social engineering to drive traffic to their deceptive page. When an employee tries to use the AI tool, the site prompts them to download a “desktop utility” or “update” to improve performance. Because the user is in a productive mindset, they are more likely to comply with the request. Once the file is executed, the backdoor is established. The attacker hasn’t broken a lock; they have simply tricked a trusted person into opening the door for them.
Traditional security measures often fail to stop a fake Claude site because they rely on matching known threats. Since attackers create new domains and unique files for every campaign, there is no “signature” for the system to catch. The Gurucul defense strategy is different. We do not look for the file’s name; we look at the identity’s behavior. We focus on the context of the interaction to determine if a site or a download poses a risk to the organization.
Gurucul provides a robust defense by establishing a behavioral baseline for every user. If an employee suddenly starts communicating with a brand-new domain that mimics a popular service, our system identifies the anomaly. When that fake Claude site attempts to drop a file that starts performing administrative actions or reaching out to unusual servers, Gurucul flags it immediately. This identity-centric approach allows us to detect and contain the threat early in the attack chain, significantly reducing the likelihood of a fully established backdoor, even when the user is unaware of the deception.
The primary vehicle for this protection is the Gurucul Next-Gen SIEM. As organizations rush to adopt AI tools, the Gurucul platform provides the necessary visibility to ensure this adoption is safe. Our platform leverages thousands of machine learning models to identify the subtle signals of multi-stage attacks across users, devices, and systems. By unifying data from web traffic, identity providers, and endpoints, the platform gives security teams radical clarity into where threats are hiding.
Specifically, our User and Entity Behavior Analytics (UEBA) capability is designed to catch the “living off the land” techniques used by the Donuts and Beagles actors. Even if the attacker leverages legitimate system tools after the initial fake Claude site infection, Gurucul identifies deviations in how those tools are used compared to the user’s established behavioral baseline. This allows for machine-speed response, isolating the infected device and cutting off the attacker’s access. With Gurucul, you can embrace the benefits of AI without falling victim to the deceptive tactics that target it.
For a full technical breakdown of the tactics, techniques, and procedures used in this campaign, including specific indicators of compromise, please visit the Gurucul Community:
