Microsoft’s security researchers have discovered a complex scheme where hackers are secretly using other people’s computers to mine cryptocurrency. This involves both taking advantage of website vulnerabilities and using highly convincing tactics to trick people.
This operation specifically focuses on people with powerful computers – particularly those who enjoy gaming and building PCs – and secretly uses their graphics cards to mine cryptocurrency without their permission.
Security researchers at Microsoft Defender Experts have discovered that attackers are manipulating AI chatbots to mislead people into downloading malicious software.
The AI and SEO attack chain
Cryptojacking campaigns tend to prioritize infection volume over precision.
This recently found operation instead focuses on maximizing the results gained from each individual device.
Attackers are tricking people by manipulating search engine results (SEO poisoning) and by hiding dangerous links within the responses of AI chatbots. This can lead to users clicking on harmful content.
Users who want to download some legitimate software are directed to lookalike domains.
Malicious sites masquerade as popular hardware monitoring and system utilities.
Compromised download packages include CrystalDiskInfo, HWMonitor, and FurMark, among others.
Advanced evasion
After downloading the targeted software, users receive a ZIP archive containing a malicious file.
The system quietly launches the malware via DLL sideloading.
After initial infection, the malware installs ScreenConnect, a real remote support program. This allows attackers to maintain long-term access to the compromised computer.
The threat actors execute a technique known as process hollowing.
A specialized program, crafted using .NET, starts a legitimate Windows tool signed by Microsoft and secretly adds cryptocurrency mining code into that tool’s running memory.
The loader then downloads GPU-focused mining clients such as gminer.
The malware constantly monitors the host system to remain undetected:
As an analyst, I’ve found this malware carefully monitors how hard the graphics card is working and how long the user is inactive. Crucially, it’s designed to stop mining *before* the user notices their computer slowing down, making it much harder to detect. It essentially tries to fly under the radar by preventing any obvious performance impact.
The software keeps changing Windows security settings by adding exceptions to antivirus scans.
Microsoft says its Defender Antivirus and Defender for Endpoint successfully find and stop threats related to this activity.
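One way a defender could surface the repeated antivirus exclusion changes described above, shown as an added example that is not from Microsoft or the original article: it counts Defender configuration-change events (event ID 5007) whose new value falls under the Exclusions registry key and flags any host where the same exclusion is written several times in a day. The event tuples, host names, paths and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Registry prefix reported in event 5007's "New value" when an exclusion is written.
EXCLUSION_KEY = r"hklm\software\microsoft\windows defender\exclusions" + "\\"

# Constructed sample records (not real telemetry): host, time, event id, new value.
SAMPLE_EVENTS = [
    ("PC-01", "2026-05-20T10:00:00", 5007, r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\svc = 0x0"),
    ("PC-01", "2026-05-20T10:05:00", 5007, r"HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReporting = 0x2"),
    ("PC-01", "2026-05-20T14:30:00", 5007, r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\c:\users\public\SVC = 0x0"),
    ("PC-01", "2026-05-20T19:45:00", 5007, r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\svc = 0x0"),
    ("PC-02", "2026-05-20T11:00:00", 5007, r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions\.tmp = 0x0"),
    ("PC-02", "2026-05-20T11:01:00", 1116, ""),
]

def parse_exclusion(new_value):
    """Return (kind, target) if the value is an exclusion write, else None."""
    if not new_value.lower().startswith(EXCLUSION_KEY):
        return None
    rest = new_value[len(EXCLUSION_KEY):]
    kind, _, target = rest.partition("\\")      # Paths / Extensions / Processes
    target = target.rsplit(" = ", 1)[0]          # drop the trailing "= 0x0"
    return kind.lower(), target.lower()

def repeated_exclusions(events, min_writes=3, window=timedelta(hours=24)):
    """Map (host, kind, target) -> write count where the same exclusion
    was written at least min_writes times inside the time window."""
    seen = defaultdict(list)
    for host, ts, event_id, new_value in events:
        if event_id != 5007:
            continue
        parsed = parse_exclusion(new_value)
        if parsed:
            seen[(host, *parsed)].append(datetime.fromisoformat(ts))
    flagged = {}
    for key, times in seen.items():
        times.sort()
        # Sliding check: any run of min_writes writes that fits in the window.
        for i in range(len(times) - min_writes + 1):
            if times[i + min_writes - 1] - times[i] <= window:
                flagged[key] = len(times)
                break
    return flagged

if __name__ == "__main__":
    for (host, kind, target), n in repeated_exclusions(SAMPLE_EVENTS).items():
        print(f"{host}: {kind} exclusion '{target}' written {n} times")
```

A single exclusion write is common on managed machines, so the threshold and window should be tuned against what deployment tooling normally does.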
2026-05-27 12:49