An active threat campaign delivers a previously undocumented Windows backdoor (Beagle) by impersonating Anthropic Claude AI, CrowdStrike, SentinelOne, and Trellix through typosquatted download sites. The malware abuses a legitimate signed G Data binary (NOVupdate.exe) for DLL sideloading, evading many application reputation controls, and establishes persistent C2 over Alibaba Cloud infrastructure. This is not a product vulnerability; it is a campaign exploiting the absence of software download controls and application allowlisting.