Skip to main content
Emerging ThreatsMalware & Ransomware

Microsoft Warns of AI-Driven Cryptojacking Campaign Targeting High-Performance GPUs

Laptop screen displays chatbot interface with blurred office background and smartphone shows warning message.

"This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations," Microsoft Defender Experts and the Microsoft Defender Security Research Team said.

AI chatbots, poisoned links, and a shift in delivery

Microsoft reported that a cryptojacking campaign has evolved from classical search-engine SEO poisoning to include links surfaced inside LLM-based chatbot responses. The company said users querying AI chatbots for software download recommendations were presented with links to attacker-controlled domains within generated responses, a pattern first observed in search-engine results and later seen in April 2026 routed through large language model tools.

Microsoft characterized the shift as an "extension of traditional SEO poisoning beyond conventional search engines," increasing the visibility of malicious software recommendations to users who request trusted utilities.

Software impersonation as the bait

The campaign impersonates legitimate system utilities and hardware-monitoring tools — including CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, K-Lite Codec Pack, and PDFgear — likely to attract users who own high-performance GPUs. Microsoft said the attackers deliberately target endpoints with higher mining value rather than attempting broad, indiscriminate infection.

Each attacker-controlled site presents a prominent download button that retrieves a ZIP archive. Microsoft identified more than 150 malicious domains serving these fake tools.

Delivery chain and persistence mechanisms

Microsoft mapped a multi-stage attack chain. The downloaded ZIP contains a legitimate executable together with a rogue DLL named "autorun.dll" that is sideloaded when the binary launches. That DLL installs a second malicious DLL, "vcredist_x64.dll," via msiexec.exe. Microsoft says the file is a packaged installer for ScreenConnect software.

Once ScreenConnect is installed the client repeatedly attempts to contact an attacker-controlled server at 193.42.11[.]108. The ScreenConnect session is used to run an executable called SimpleRunPE.exe, which implements persistence via Registry Run keys and scheduled tasks, configures Microsoft Defender exclusions, conducts anti-analysis checks, and uses process hollowing to run mining code under a trusted Microsoft-signed binary.

Microsoft observed an alternate variant that uses a PowerShell script to fetch a binary, store it locally as "vlc.exe," create a scheduled task to launch it, and then delete the script. The hollowed binary transmits extensive host information to the attacker, downloads the appropriate miner at runtime, and executes one of three supported miners: gminer, lolMiner, or SRBMiner-MULTI.

To avoid detection, the malware monitors for security tools and immediately terminates the miner if any of these processes are present: taskmgr.exe; processhacker.exe or processhacker2.exe; procexp.exe or procexp64.exe; and systeminformer.exe. Microsoft said it detected and blocked activity associated with the campaign.

Infrastructure: gleeze[.]com, Dynu, and attacker-controlled servers

The ZIP archives are retrieved from campaign-specific subdomains of gleeze[.]com, hosted on infrastructure associated with Dynu, a dynamic DNS provider. Microsoft tied the post-installation callbacks to the IP address 193.42.11[.]108 and described the ScreenConnect sessions as the conduit used to stage and execute the mining payloads.

Beyond pure monetization, Microsoft warned that actors use the ScreenConnect deployments to establish persistent remote access that can be repurposed for follow-on activity such as data theft, lateral movement, or ransomware.

What this means for technologists, procurement teams, and end users

  • Technologists and security teams: watch for unusual ScreenConnect installations, scheduled tasks, Registry Run entries, and Microsoft Defender exclusions reappearing after removal. The campaign's use of process hollowing under signed binaries and runtime downloading of gminer, lolMiner, or SRBMiner-MULTI are specific signatures Microsoft highlighted.
  • Procurement and third-party managers: Redmond warned that "third-party service providers and integrated management tools can become enforcement gaps" and urged deliberate validation of vendor behavior rather than assumed trust — a reminder tied to other Microsoft disclosures about abuse of trusted relationships and compromised IT service providers.
  • End users: Microsoft documented cases where AI chatbots supplied attacker-controlled download links when asked for software recommendations; users seeking utilities should be aware that such suggestions can be manipulated and that attacker-controlled domains numbered in the hundreds.

Microsoft placed this campaign in a broader context by noting multiple recent incidents that exploit trusted operational relationships and exposed internet-facing appliances. In related disclosures, the company described an actor that compromised an F5 BIG-IP firewall, pivoted to a Linux host to stage further attacks, used Python's ftplib to transfer tools, performed Kerberos relay attacks, and exploited CVE-2025-33073; and another intrusion that leveraged a compromised third-party IT services provider and legitimate management tools to maintain covert, durable access.

"This combination of AI-assisted delivery, software impersonation, and persistent access highlights how threat actors are adapting social engineering and monetization strategies to modern user behavior," Microsoft said. The company also reported that it detected and blocked activity tied to the campaign.

For defenders, the takeaway Microsoft leaves on the record is concrete: trust vendors and tooling, but validate their behavior within your environment. Attackers are adapting old tricks to new interfaces — from search results to AI chatbots — and the artifacts Microsoft has cataloged offer specific signals defenders can hunt for.

https://thehackernews.com/2026/05/ai-chatbot-recommendations-redirect.html