Microsoft reveals active campaign where AI chatbot recommendations lead users to cryptojacking malware, demonstrating how threat actors are adapting social engineering to modern technology.
AI Chatbots Weaponized to Redirect Users to Cryptojacking Malware

In a concerning evolution of cyber threats, Microsoft has uncovered an active cryptojacking campaign that leverages artificial intelligence chatbot interactions to distribute malware. This sophisticated attack represents a significant shift in how threat actors conduct social engineering, moving beyond traditional search engine poisoning to exploit the growing reliance on AI tools for software recommendations.
The Attack Vector: From Search Results to AI Chatbots
"This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations," explained Microsoft Defender Experts and the Microsoft Defender Security Research Team in their recent report.
The campaign begins when users search for trusted system utilities and hardware-monitoring software. Initially, Microsoft observed malicious sites appearing through search engine optimization (SEO) poisoning. However, more recent iterations show a troubling evolution: users are now being directed to these malicious sites through interactions with large language model (LLM)-based tools.
"In these cases, users querying AI chatbots for software download recommendations were presented with links to attacker-controlled domains within generated responses," Microsoft stated. "While this behavior is based on observed patterns and correlated data sources, it's consistent with emerging techniques in AI search result poisoning, representing an extension of traditional SEO poisoning beyond conventional search engines."
Targeting High-Value Systems
The campaign specifically impersonates legitimate system utilities like CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, K-Lite Codec Pack, and PDFgear. This strategic choice suggests the attackers are targeting users who likely own high-performance GPUs—systems with greater value for cryptocurrency mining.
"The idea is to focus on compromising systems with higher mining value than indiscriminately infecting a large number of machines," Microsoft noted. "The attack chain is more deliberate than other typical cryptocurrency mining efforts, strategically opting for endpoints that help maximize GPU mining yield per compromised device."
The Multi-Stage Attack Chain

Once users click on the malicious recommendation, they're directed to sites with prominent download buttons that retrieve a ZIP archive from campaign-specific subdomains of gleeze[.]com. This domain is hosted by infrastructure associated with Dynu, a dynamic DNS provider frequently abused by threat actors.
Microsoft has identified over 150 malicious domains serving these impersonated tools. The downloaded ZIP file contains a legitimate executable alongside a rogue DLL ("autorun.dll") that is sideloaded when the binary is launched. That DLL then installs a second malicious DLL, "vcredist_x64.dll", via "msiexec.exe"; despite its name, this file is actually a packaged installer for the ScreenConnect remote-access software.
"The goals of the campaign are not merely financially motivated," Microsoft warned. "The threat actors have also been found to establish persistent remote access to compromised hosts through ScreenConnect deployments, which could then be leveraged for follow-on activity, such as data theft, lateral movement, or ransomware."
Persistence and Anti-Detection Techniques
Once ScreenConnect is installed, it continuously attempts to establish contact with an attacker-controlled server at "193.42.11[.]108." This connection serves as a conduit for an executable called "SimpleRunPE.exe," which is responsible for:
- Establishing persistence on the host using Registry Run keys and scheduled tasks
- Configuring Microsoft Defender exclusions
- Running anti-analysis checks
- Employing process hollowing to launch mining code under a trusted Microsoft-signed binary
In some cases, attackers use a PowerShell script that fetches the binary from a remote drive, stores it locally as "vlc.exe" to evade detection, creates a scheduled task to launch it, and then deletes itself.
The hollowed binary communicates with the attacker's server, transmits extensive host information, downloads the appropriate miner archive at runtime, and executes one of three supported miner programs: gminer, lolMiner, or SRBMiner-MULTI.
Defense Evasion Techniques
The malware implements several sophisticated evasion techniques:
- It recreates persistence artifacts if removed
- It reconfigures Defender exclusions if they're deleted
- It monitors for running processes and terminates the miner if any of the following are detected:
  - taskmgr.exe (Windows Task Manager)
  - processhacker.exe, processhacker2.exe (Process Hacker)
  - procexp.exe, procexp64.exe (Process Explorer)
  - systeminformer.exe (System Informer)
"This combination of AI-assisted delivery, software impersonation, and persistent access highlights how threat actors are adapting social engineering and monetization strategies to modern user behavior," Microsoft emphasized.
Broader Security Implications

This discovery comes amid several other concerning trends Microsoft has observed:
Edge Device Exploitation: Unknown actors compromised F5 BIG-IP firewall appliances to pivot to internal Linux hosts, laterally moving to vulnerable Atlassian Confluence servers.
Third-Party Abuse: Attackers compromised third-party IT service providers and leveraged legitimate IT management tools to establish durable access for credential theft.
Authentication Abuse: Threat actors abused trusted operational relationships and authentication processes to maintain access without explicit persistence mechanisms.
"Third-party service providers and integrated management tools can become enforcement gaps when visibility is limited or validation is assumed. Threat actors understand this. They leverage legitimate components, trusted update paths, and approved integrations to anchor themselves inside environments that appear compliant on the surface," Microsoft warned.
Recommended Defenses
For organizations and users facing these evolving threats, Microsoft recommends:
Verify AI Recommendations: Treat AI-generated software recommendations with the same skepticism as search results. Always verify the authenticity of recommended software through official channels.
Implement Application Control: Use application control solutions to prevent unauthorized execution of applications, especially those that attempt to load suspicious DLLs.
Monitor for ScreenConnect Activity: ScreenConnect, while legitimate, is frequently abused. Monitor for unexpected installations or connections to unusual endpoints.
GPU Resource Monitoring: Implement monitoring for unusual GPU utilization, which could indicate cryptojacking activity.
Least Privilege Access: Restrict user privileges to limit the potential impact of compromise.
Third-Party Validation: Validate third-party service providers and their activity within your environment. "Trust your vendors and tooling, but validate their behavior within your environment," Microsoft advises.
Endpoint Detection and Response: Deploy EDR solutions capable of detecting process hollowing and other advanced evasion techniques.
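As an added example (not code from Microsoft's report), the following Python detection logic turns the indicators described in the attack chain above (the sideloaded DLLs, the msiexec-launched ScreenConnect package, the vlc.exe masquerade, the scheduled-task and Run-key persistence, the Defender exclusion, and the C2 address) into checks of the kind the recommended monitoring calls for, run over constructed endpoint telemetry. The event field names (type, image, cmdline, key, data, dst) and the sample events are assumptions, modelled on Sysmon-style process, image-load, registry and network records.

```python
from collections import Counter
# Indicators named in the article; the C2 address is defanged there as 193.42.11[.]108.
C2_HOST = "193.42.11.108"
SIDELOADED_DLLS = {"autorun.dll", "vcredist_x64.dll"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
VLC_DIRS = ("c:\\program files\\videolan\\", "c:\\program files (x86)\\videolan\\")

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(ev: dict) -> list[str]:
    """Return the indicator tags one telemetry event trips (empty when nothing matched)."""
    hits, kind, img = [], ev["type"], ev.get("image", "").lower()
    cmd = ev.get("cmdline", "").lower()
    if kind == "image_load" and basename(img) in SIDELOADED_DLLS and img.startswith(USER_WRITABLE):
        hits.append("sideload:" + basename(img))      # rogue DLL beside the extracted binary
    elif kind == "process_create":
        if basename(img) == "msiexec.exe" and "vcredist_x64.dll" in cmd:
            hits.append("msiexec-installs-dll")        # disguised ScreenConnect package
        if basename(img) == "vlc.exe" and not img.startswith(VLC_DIRS):
            hits.append("masquerade:vlc.exe")          # miner stored under a media-player name
        if basename(img) == "schtasks.exe" and "/create" in cmd and "vlc.exe" in cmd:
            hits.append("persist:scheduled-task")
        if "add-mppreference" in cmd and "-exclusion" in cmd:
            hits.append("defender-exclusion")          # only catches the PowerShell route
    elif kind == "registry_set" and "\\currentversion\\run" in ev["key"].lower():
        if "vlc.exe" in ev["data"].lower():
            hits.append("persist:run-key")
    elif kind == "network_connect" and ev["dst"] == C2_HOST:
        hits.append("c2:" + basename(img))             # e.g. ScreenConnect beaconing out
    return hits

def triage(events: list[dict]) -> Counter:
    return Counter(tag for ev in events for tag in classify(ev))  # hits per indicator

# Constructed sample telemetry modelled on the chain described above (not real logs).
SAMPLE_EVENTS = [
    {"type": "image_load", "image": r"C:\Users\bob\Downloads\HWMonitor\autorun.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Users\bob\AppData\Local\Temp\vcredist_x64.dll /qn"},
    {"type": "network_connect", "dst": "193.42.11.108",
     "image": r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe"},
    {"type": "process_create", "image": r"C:\ProgramData\Tmp\vlc.exe", "cmdline": "vlc.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /tn Updater /tr "C:\ProgramData\Tmp\vlc.exe" /sc onlogon'},
    {"type": "process_create", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -c Add-MpPreference -ExclusionPath C:\\ProgramData\\Tmp"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r"C:\ProgramData\Tmp\vlc.exe"},
]
```

A genuine VLC install under Program Files produces no hit, so the vlc.exe rule keys on location rather than name alone; in production the Defender-exclusion check should also cover the registry and WMI paths, which this example does not.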
The Future of AI-Assisted Threats
As AI becomes more integrated into daily workflows and decision-making processes, we can expect threat actors to continue refining their techniques to exploit these tools. The convergence of AI and traditional attack vectors represents a significant challenge for cybersecurity professionals.
"Organizations operating in sensitive sectors should assume that threat actors with this level of tradecraft will continue refining third party abuse, credential interception, and stealthy persistence mechanisms to maintain strategic access," Microsoft concluded.
For more detailed technical information about this campaign, organizations can refer to Microsoft's original report and its guidance on protecting against cryptojacking threats. Users should also obtain software only from official sources, such as the vendor websites for CrystalDiskInfo, HWMonitor, and the other legitimate utilities named above.
The discovery underscores the importance of maintaining healthy skepticism when interacting with AI tools, especially when they recommend software downloads or external links. As AI becomes more prevalent in our digital lives, so too will the attempts to manipulate it for malicious purposes.
