Chatbots Suggest Malicious Downloads in New Cryptojacking Scheme

Attackers manipulate AI chatbot responses to steer users toward malicious download sites that deliver cryptojacking malware, targeting systems with high-performance GPUs.

CSBadmin

Malware Delivered Through AI Recommendations

Microsoft has uncovered an active campaign in which threat actors use AI chatbot responses to trick users into downloading malicious software. Instead of relying solely on poisoned search results, attackers have engineered scenarios where queries to large language model-based tools return links to attacker-controlled domains. Users seeking legitimate system utilities such as CrystalDiskInfo, HWMonitor, or Display Driver Uninstaller may be redirected to sites hosting cryptojacking malware.

The approach focuses on compromising high-performance GPUs to maximize cryptocurrency mining yields. Microsoft’s security teams observed that the campaign specifically targets users of tools often associated with gaming and hardware monitoring, suggesting attackers deliberately seek systems with strong mining capabilities.

Expanding Threats Beyond Cryptomining

While the primary goal is cryptojacking, Microsoft reported that infected machines often receive persistent remote access tools like ScreenConnect. This gives attackers a foothold for additional malicious activities, including data theft, lateral movement, or deploying ransomware. The campaign represents a more deliberate infection strategy compared to typical cryptocurrency mining operations, as attackers selectively target endpoints that promise higher returns on mining investment.

Microsoft said its Defender systems detected and blocked these activities. The technique extends social engineering beyond traditional search engine manipulation and into the AI recommendation space, posing a growing challenge for cybersecurity defenses.
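For defenders who want to hunt for the same pattern in their own telemetry, the following is an added example, not code from Microsoft or the original report. It flags downloads whose file name mentions one of the utilities named above but whose host is not the vendor's domain, then escalates when ScreenConnect starts on the same machine afterwards. The vendor domain list, event field names, process image name, and sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: vendor domains curated by the defender; verify before relying on them.
OFFICIAL = {
    "crystaldiskinfo": {"crystalmark.info"},
    "hwmonitor": {"cpuid.com"},
    "displaydriveruninstaller": {"wagnardsoft.com"},
}

def is_official(host, domains):
    # Exact match or true subdomain only; "cpuid.com.downloads.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_downloads(proxy_events):
    """Downloads whose file name mentions a known utility but whose host is not the vendor's."""
    hits = []
    for ev in proxy_events:
        parts = urlsplit(ev["url"])
        host = (parts.hostname or "").lower()
        name = re.sub(r"[^a-z0-9]", "", parts.path.rsplit("/", 1)[-1].lower())
        for tool, domains in OFFICIAL.items():
            if tool in name and not is_official(host, domains):
                hits.append({**ev, "tool": tool, "domain": host})
    return hits

def correlate(proxy_events, process_events, window=timedelta(hours=24)):
    """Escalate when the same host starts ScreenConnect within `window` of such a download."""
    alerts = []
    for dl in suspicious_downloads(proxy_events):
        for p in process_events:
            delay = p["time"] - dl["time"]
            if (p["host"] == dl["host"] and "screenconnect" in p["image"].lower()
                    and timedelta(0) <= delay <= window):
                alerts.append((dl["host"], dl["tool"], dl["domain"]))
    return alerts

# Constructed sample telemetry (hosts, URLs and times are illustrative only).
T0 = datetime(2025, 1, 1, 9, 0)
PROXY = [
    {"time": T0, "host": "ws-01", "url": "https://www.cpuid.com/downloads/hwmonitor_setup.exe"},
    {"time": T0, "host": "ws-02", "url": "https://cpuid.com.downloads.example/hwmonitor_setup.exe"},
    {"time": T0, "host": "ws-03", "url": "https://tools.example/CrystalDiskInfo-setup.exe"},
]
PROCS = [
    {"time": T0 + timedelta(minutes=5), "host": "ws-01", "image": "ScreenConnect.ClientService.exe"},
    {"time": T0 + timedelta(minutes=12), "host": "ws-02", "image": "ScreenConnect.ClientService.exe"},
]
```

Calling `correlate(PROXY, PROCS)` on the sample data alerts only on `ws-02`: `ws-01` downloaded from the vendor's own domain, and `ws-03` shows a look-alike download with no follow-on remote access tool.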

Source: The Hacker News
