AI Chatbots Now Push Cryptojacking Malware, Microsoft Warns
Microsoft uncovers a cryptojacking campaign using AI chatbots like ChatGPT & Copilot to recommend malicious software downloads. Learn how to stay safe.

When Your AI Assistant Becomes the Attacker's Best Friend
For years, search engines were the primary battleground for malware distribution. Type "download HWMonitor," click the top result, and pray it's the real thing. In 2026, that battleground has shifted — and the new gatekeeper is your AI chatbot.
On May 26, 2026, Microsoft disclosed that Defender researchers are tracking an active cryptojacking campaign that uses poisoned search results and AI chatbot-recommended malicious links to distribute fake Windows utilities. The takeaway is brutal: the tools millions of us now rely on for quick software recommendations (ChatGPT, Copilot, Grok, and others) have become a new social engineering vector.
And the attackers aren't going after everyone. They're going after you specifically if you own a gaming rig or a creator workstation.
What's Actually Happening: The Attack Chain
Step 1: The Bait (Trusted Utility Names)
The campaign doesn't impersonate random apps. It impersonates the exact tools enthusiasts download all the time: CrystalDiskInfo, HWMonitor, Display Driver Uninstaller (DDU), FurMark, K-Lite Codec Pack, and PDFgear.
Why these? Because "The selection of these brands is deliberate. Each application is favored by PC enthusiasts and hardware-focused users, precisely the audience most likely to own a high-performance discrete GPU, the hardware that makes GPU cryptocurrency mining economically viable".
Translation: if you're searching for DDU, you probably have a 4070, 4080, 5090, or similar. That's exactly what the attackers want to mine on.
Step 2: The Delivery (From SEO Poisoning to AI Poisoning)
Traditionally, the attackers used SEO poisoning: manipulating Google rankings so that fake download sites appeared above the real ones.
But something new started happening in April 2026. Microsoft identified cases where users were directed to malicious websites through interactions with LLM-based chatbots instead of traditional search engine results. "In these cases, users querying AI chatbots for software download recommendations were presented with links to attacker-controlled domains within generated responses".
In plain English: you ask an AI chatbot, "Where can I safely download HWMonitor?" and it confidently hands you a link to a malicious domain.
Analysis of VirusTotal scans associated with the domains identified traffic metadata referencing chatbot interactions as a potential referral context. "While this behavior is based on observed patterns and correlated data sources, it's consistent with emerging techniques in AI search result poisoning, representing an extension of traditional SEO poisoning beyond conventional search engines".
Step 3: The Payload (Real Software + Hidden Poison)
Once the victim downloads the ZIP, they get exactly what they wanted: the legitimate utility, plus a malicious DLL (autorun.dll) sitting next to it. When the user runs the legitimate app, DLL sideloading kicks in: Windows resolves a DLL that an executable loads by name from the application's own directory before it checks the system directories, so the genuine, signed executable loads the attacker's autorun.dll without the executable itself being modified at all.
No exploits. No CVEs. Just trust.
Step 4: The Persistence (Living Off Legitimate Tools)
This is where it gets clever. The malware silently installs ScreenConnect, a fully legitimate remote access tool used by IT departments worldwide, disguised as a Visual C++ Redistributable installer. ScreenConnect then phones home to the attacker's server (193.42.11[.]108), giving them persistent hands-on access to your machine.
Then comes the mining payload. A binary "is responsible for establishing persistence on the host using registry execution keys and scheduled tasks, configuring Microsoft Defender exclusions, performing anti-analysis checks, and employing process hollowing to launch mining code with trusted Microsoft-signed binaries".
The miners themselves (gminer, lolMiner, or SRBMiner-MULTI) are injected into signed Microsoft .NET binaries such as InstallUtil.exe and MSBuild.exe via process hollowing: the legitimate binary is started in a suspended state, its code is replaced in memory with the miner, and the main thread is resumed. Any control that judges a process by the file on disk sees a validly signed Microsoft executable; the signature says nothing about what is actually executing in memory. In reality, your GPU is bleeding electricity into someone else's crypto wallet.
In some compromises, rather than using ScreenConnect's file transfer, attackers use a PowerShell script that fetches the binary from a remote drive, stores it locally as "vlc.exe" so it blends in, creates a scheduled task to launch it, and then deletes itself.
Why This Campaign Is Different (and Scarier)
Most malware campaigns play a numbers game: infect as many machines as possible, hope a few pay off. This threat actor appears focused on compromising systems with higher mining value instead of infecting large numbers of devices. Beyond cryptocurrency mining, the campaign gives attackers persistent remote access to compromised systems through abused ScreenConnect deployments.
That means:
Quiet, surgical infections: fewer victims, more revenue per victim.
Persistent backdoor access that could escalate into data theft or ransomware later.
Defenses bypassed by legitimacy: ScreenConnect and Microsoft .NET binaries don't trigger most alerts.
"The attack does not need to break Windows if it can bend the user's search path, borrow a legitimate executable, install a legitimate remote access client, hide inside Microsoft-signed utilities, and mine only when the owner is least likely to notice".
The Bigger Picture: AI Trust Is the New Attack Surface
This is the part security teams need to internalize: the AI chatbot is now part of the threat model.
When a user types a question into Google, there's at least a residual instinct to scan the URLs, check for sketchy domain names, glance at the snippet. When an AI confidently says "You can download HWMonitor from [URL]", that critical instinct collapses. The interface format (conversational, authoritative, helpful) short-circuits skepticism.
"That is the future defenders have to design against: not malware that looks obviously alien, but malware that understands the ordinary rituals of Windows maintenance well enough to disappear inside them".
It's worth emphasizing what Microsoft didn't say: this isn't a flaw in any specific AI product. It's a consequence of how attackers are now seeding the open web (blog comments, forum posts, low-quality "review" sites, GitHub repos), knowing that LLMs will crawl, summarize, and surface that content as recommendations. Chatbots that answer with live web search inherit whatever the search index ranks, so a poisoned result feeds the chatbot directly; content absorbed at training time is the slower second path.
How to Protect Yourself
For everyday users:
Never trust a download link from a chatbot at face value. Cross-check the URL against the official project page (e.g., crystalmark.info for CrystalDiskInfo, cpuid.com for HWMonitor), and compare the registrable domain itself, not whether the vendor's name appears somewhere in the address: cpuid.com.example.net, example.net/cpuid.com/ and a homograph domain all fail that check while passing a glance.
Bookmark official sources for the tools you regularly use.
Watch for unexpected ScreenConnect or ConnectWise Control installs: neither belongs on a personal machine.
Investigate sudden GPU usage spikes, throttled gaming performance, or fans running when the system is idle.
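The cross-check in the first item is easy to get wrong by eye, so here is it written down as code. This is an added example, not code from Microsoft's write-up or from the author's tooling: it parses a link, normalizes the host (userinfo, port, trailing dot, internationalized labels), and accepts it only when the host is the official domain or a subdomain of it. The official-domain map holds just the two domains the post names; the mirror and lookalike hosts in the sample are constructed, and the vendor paths are illustrative.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# Official domains the post names for two of the impersonated tools. Extend this
# map from each vendor's own site, never from a chatbot answer.
OFFICIAL_DOMAINS: dict[str, tuple[str, ...]] = {
    "CrystalDiskInfo": ("crystalmark.info",),
    "HWMonitor": ("cpuid.com",),
}


@dataclass
class Verdict:
    trusted: bool
    host: str
    reason: str


def normalize_host(url: str) -> tuple[str, str]:
    """Return (host, problem). urlsplit().hostname already drops userinfo
    ('cpuid.com@evil.example' -> 'evil.example'), the port and IPv6 brackets,
    and lowercases; we also strip a trailing dot and IDNA-encode so a homograph
    label shows up as xn-- instead of passing a visual comparison."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return "", f"unsupported scheme {parts.scheme!r}"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "", "no host in URL"
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return host, "host is not a valid internationalized name"
    if ascii_host != host:
        return ascii_host, "host contains non-ASCII characters (possible homograph)"
    return ascii_host, ""


def check_download_url(tool: str, url: str) -> Verdict:
    """Trust the URL only if its host IS the official domain or a subdomain of it.
    Anything that merely *contains* the vendor name is treated as a lookalike."""
    host, problem = normalize_host(url)
    if problem:
        return Verdict(False, host, problem)
    try:
        ipaddress.ip_address(host)
        return Verdict(False, host, "bare IP address instead of a vendor domain")
    except ValueError:
        pass
    official = OFFICIAL_DOMAINS.get(tool)
    if not official:
        return Verdict(False, host, f"no official domain recorded for {tool!r}")
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return Verdict(True, host, f"host is under official domain {domain}")
    for domain in official:
        if domain in host:  # e.g. cpuid.com.evil-mirror.example
            return Verdict(False, host, f"lookalike: {domain!r} appears in {host!r} but is not its suffix")
    return Verdict(False, host, "host is not under any official domain for this tool")


if __name__ == "__main__":
    # Constructed sample links; the mirror/lookalike hosts and the IP are placeholders.
    samples = [
        ("HWMonitor", "https://www.cpuid.com/softwares/hwmonitor.html"),
        ("HWMonitor", "https://cpuid.com.evil-mirror.example/HWMonitor.zip"),
        ("HWMonitor", "https://cpuid.com@evil-mirror.example/HWMonitor.zip"),
        ("HWMonitor", "https://evil-mirror.example/cpuid.com/HWMonitor.zip"),
        ("HWMonitor", "http://203.0.113.10/HWMonitor.zip"),
        ("HWMonitor", "https://www.cpu\u0456d.com/"),  # Cyrillic i in the label
        ("CrystalDiskInfo", "https://crystalmark.info/en/software/crystaldiskinfo/"),
    ]
    for tool, url in samples:
        v = check_download_url(tool, url)
        print(f"{'OK ' if v.trusted else 'BAD'} {url}\n    {v.host}: {v.reason}")
```

The suffix test is the whole point: `endswith("." + domain)` accepts www.cpuid.com and rejects cpuid.com.evil-mirror.example, which a substring check or a quick look would wave through. Resolving the host does not replace this check; a lookalike resolves perfectly well.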
For IT teams and security pros, Microsoft recommends:
Enable cloud-delivered protection in Microsoft Defender.
Run EDR in block mode.
Deploy Attack Surface Reduction (ASR) rules, especially those blocking abuse of LOLBins.
Add ScreenConnect/ConnectWise binaries to your watch list if your environment doesn't legitimately use them.
Audit scheduled tasks and Run registry keys for unusual entries.
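As an added example (not code from Microsoft's write-up or from the author's tooling), the rules below turn Steps 3 and 4 of the attack chain and the audit items above into detection logic run over constructed Sysmon-style events. Field names follow Sysmon's schema (event 1 ProcessCreate, 3 NetworkConnect, 7 ImageLoad, 13 registry value set) plus Windows Security event 4698 for scheduled-task creation; the user paths, task name, parent processes and the 198.51.100.20 pool address are invented for the sample, while 193.42.11.108 and the binary names come from the post. Whether ScreenConnect is legitimate in your environment is a per-site assumption, exposed as SCREENCONNECT_EXPECTED.

```python
from __future__ import annotations

import re

# Indicators from the post: the ScreenConnect server and the signed .NET binaries
# the miners are hollowed into. Set SCREENCONNECT_EXPECTED = True where IT uses it.
C2_IPS = {"193.42.11.108"}
HOLLOWING_HOSTS = {"installutil.exe", "msbuild.exe"}
SCREENCONNECT_EXPECTED = False

# Directories an unprivileged user (or a dropper running as one) can write to.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|programdata|windows\\temp)\\", re.I)


def base(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def user_writable(path: str) -> bool:
    return bool(USER_WRITABLE.search(path))


def scan(events: list[dict]) -> list[dict]:
    """Apply one rule per behaviour in the chain; returns findings in event order."""
    findings: list[dict] = []

    def hit(rule: str, severity: str, detail: str) -> None:
        findings.append({"rule": rule, "severity": severity, "detail": detail})

    for e in events:
        eid, img = e["id"], base(e.get("Image", ""))
        # Step 3: the dropped DLL name loaded from anywhere outside the Windows tree.
        if eid == 7 and base(e["ImageLoaded"]) == "autorun.dll" \
                and not e["ImageLoaded"].lower().startswith("c:\\windows\\"):
            hit("dll_sideload", "high", f"{img} loaded {e['ImageLoaded']}")
        # Step 4a: ScreenConnect where it has no business being, and its beacon.
        elif eid == 1 and img.startswith("screenconnect.") and not SCREENCONNECT_EXPECTED:
            hit("screenconnect_present", "medium", e["Image"])
        elif eid == 3 and img.startswith("screenconnect."):
            sev = "critical" if e["DestinationIp"] in C2_IPS else "medium"
            hit("screenconnect_beacon", sev, f"{img} -> {e['DestinationIp']}:{e['DestinationPort']}")
        # Step 4b: Defender exclusions, and Run-key / scheduled-task persistence into user paths.
        elif eid == 13:
            key = e["TargetObject"].lower()
            if "\\windows defender\\exclusions\\" in key:
                hit("defender_exclusion", "high", e["TargetObject"])
            elif re.search(r"\\currentversion\\run(once)?\\", key) and user_writable(e.get("Details", "")):
                hit("run_key_userpath", "medium", f"{e['TargetObject']} = {e['Details']}")
        elif eid == 4698 and user_writable(e.get("TaskContent", "")):
            hit("schtask_userpath", "medium", e["TaskName"])
        # Step 4c: a .NET build/installer utility started bare (hollowing target) or phoning out.
        elif eid == 1 and img in HOLLOWING_HOSTS:
            cmd = e.get("CommandLine", "").strip().strip('"')
            if cmd.lower() == e["Image"].lower() or user_writable(e.get("ParentImage", "")):
                hit("hollowed_dotnet_host", "high",
                    f"{img} from {base(e.get('ParentImage', ''))} with cmd={cmd!r}")
        elif eid == 3 and img in HOLLOWING_HOSTS:
            hit("dotnet_host_network", "high", f"{img} -> {e['DestinationIp']}:{e['DestinationPort']}")
    return findings


# Constructed telemetry: paths, task name, parents and 198.51.100.20 are invented;
# only 193.42.11.108 and the binary names come from the post.
NET = "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\"
SC = "C:\\Program Files (x86)\\ScreenConnect Client (a1b2c3)\\ScreenConnect.ClientService.exe"
DL = "C:\\Users\\gamer\\Downloads\\HWMonitor\\"
VLC = "C:\\Users\\gamer\\AppData\\Roaming\\vlc.exe"
SAMPLE_EVENTS = [
    {"id": 1, "Image": DL + "HWMonitor_x64.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": DL + "HWMonitor_x64.exe"},
    {"id": 7, "Image": DL + "HWMonitor_x64.exe", "ImageLoaded": DL + "autorun.dll"},
    {"id": 1, "Image": SC, "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": SC},
    {"id": 3, "Image": SC, "DestinationIp": "193.42.11.108", "DestinationPort": 443},
    {"id": 13, "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\"
     "C:\\Users\\gamer\\AppData\\Roaming", "Details": "DWORD (0x00000000)"},
    {"id": 13, "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\vlc", "Details": VLC},
    {"id": 4698, "TaskName": "\\vlc", "TaskContent": f"<Exec><Command>{VLC}</Command></Exec>"},
    {"id": 1, "Image": NET + "InstallUtil.exe", "ParentImage": VLC, "CommandLine": NET + "InstallUtil.exe"},
    {"id": 3, "Image": NET + "InstallUtil.exe", "DestinationIp": "198.51.100.20", "DestinationPort": 3333},
    # Benign noise: a real build and a normal system DLL load should stay quiet.
    {"id": 1, "Image": NET + "MSBuild.exe", "ParentImage": "C:\\Program Files\\Microsoft Visual Studio\\devenv.exe",
     "CommandLine": NET + "MSBuild.exe MyApp.csproj /t:Build"},
    {"id": 7, "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']:<8}] {f['rule']:<22} {f['detail']}")
```

None of these rules looks at a signature, because the signature is what the technique defeats: InstallUtil.exe on disk is genuinely Microsoft's. They key instead on context that hollowing and sideloading cannot hide: where the process was launched from, whether it was started with no arguments, whether a build tool opens sockets, and whether persistence points into a directory the user can write to. A single medium finding is noise; the cluster in the sample is the campaign.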
The Bottom Line
"Even in 2026, the oldest trick in the hacker playbook, offering something free that secretly costs you, works all too well when dressed up in the trappings of AI-generated trust."
The next time you ask an AI assistant for a software recommendation, treat its answer the way you'd treat a stranger handing you a USB stick on the street. Helpful? Maybe. Trustworthy? Verify first.
Your GPU and your wallet will thank you.
Want the full IOC list, hashes, and domain indicators? They're available in Microsoft's official write-up on the Microsoft Security Blog.

Written by
Chris
Tech builder · Agentic AI & offensive security
A tech-obsessed builder, I'm building Sentinelle — an autonomous offensive-security AI agent. I write here about agentic AI, AI-assisted pentesting, and what I learn shipping offensive tooling.


