Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites.

"This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations," Microsoft Defender Experts and the Microsoft Defender Security Research Team said in a report published Tuesday.

The activity, per the tech giant, impersonates legitimate system utilities like CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, K-Lite Codec Pack, and PDFgear, likely in an attempt to target users who own high-performance GPUs. The idea is to focus on compromising systems with higher mining value than indiscriminately infecting a large number of machines, it added.

The goals of the campaign are not merely financially motivated. The threat actors have also been found to establish persistent remote access to compromised hosts through ScreenConnect deployments, which could then be leveraged for follow-on activity, such as data theft, lateral movement, or ransomware.

The attack chain is more deliberate than other typical cryptocurrency mining efforts, strategically opting for endpoints that help maximize GPU mining yield per compromised device. The Windows maker said it detected and blocked activity associated with the campaign.

It all begins when users search for trusted system utilities and hardware-monitoring software on search engines, which surface malicious sites that have been gamed via techniques like search engine optimization (SEO) poisoning. Subsequent iterations observed in April 2026 indicate that users are being directed to these sites not through search engine results, but rather via interactions with large language model (LLM)-based tools.

"In these cases, users querying AI chatbots for software download recommendations were presented with links to attacker-controlled domains within generated responses," Microsoft said. "While this behavior is based on observed patterns and correlated data sources, it's consistent with emerging techniques in AI search result poisoning, representing an extension of traditional SEO poisoning beyond conventional search engines."

Each of these sites contains a prominent download button that retrieves a ZIP archive from a campaign-specific subdomain of gleeze[.]com, which is hosted by infrastructure associated with Dynu, a dynamic DNS provider frequently used by threat actors. More than 150 malicious domains have been identified serving the malicious tools.

The downloaded ZIP file contains a legitimate executable along with a rogue DLL ("autorun.dll") that's sideloaded when the binary is launched by the user. The DLL is designed to install a second malicious DLL named "vcredist_x64.dll" using "msiexec.exe." The file is a packaged installer for ScreenConnect software.

Once ScreenConnect is installed, the client continuously attempts to establish contact with an attacker-controlled server located at "193.42.11[.]108." The ScreenConnect session then serves as a conduit for an executable called "SimpleRunPE.exe."

The binary is responsible for establishing persistence on the host using Registry Run keys and scheduled tasks, configuring Microsoft Defender exclusions, running anti-analysis checks, and employing process hollowing to launch the mining code under a trusted Microsoft-signed binary.

In select compromises, instead of relying on ScreenConnect's file transfer functionality to drop the binary, a PowerShell script is used to fetch the binary from a remote drive, store it locally as "vlc.exe" to fly under the radar, create a scheduled task to launch it, and then delete itself.

The hollowed binary, for its part, communicates with the attacker's server, transmits extensive host information, downloads the appropriate miner archive at runtime, and executes it. Three miner programs are supported by the malware: gminer, lolMiner, and SRBMiner-MULTI.

In addition, the binary recreates the persistence artifacts to ensure continued presence and re-configures Defender exclusions in the event they are removed. It also keeps an eye out for running processes, and proceeds to immediately terminate the miner if any of the following processes are detected -

• taskmgr.exe (Windows Task Manager)
• processhacker.exe, processhacker2.exe (Process Hacker)
• procexp.exe, procexp64.exe (Process Explorer)
• systeminformer.exe (System Informer)

"This combination of AI-assisted delivery, software impersonation, and persistent access highlights how threat actors are adapting social engineering and monetization strategies to modern user behavior," Microsoft said.

The disclosure comes days after Microsoft detailed how an unknown threat actor compromised an internet-facing F5 BIG-IP firewall appliance and abused trusted relationships to pivot to an internal Linux host, highlighting the continued exploitation of internet-facing edge appliances as initial access points.

The Linux host, the company said, enabled the attacker to perform comprehensive reconnaissance and laterally move to a vulnerable Atlassian Confluence server, although attempts to execute remote code through unpatched security flaws in the software were unsuccessful.

As a way of getting around these restrictions, the threat actor is said to have set up an FTP server on the initial Linux host using Python's ftplib module to transfer a custom scanning tool to the Confluence server and then obtained credentials for subsequent authentication against Windows infrastructure. This was followed by Kerberos relay attacks and the exploitation of CVE-2025-33073.

"From there, the threat actor compromised a vulnerable SaaS application and leveraged its credentials to conduct relay-style authentication attacks against Active Directory," it said.

"In this incident, the threat actor authenticated to a Linux server over SSH using a privileged account. The threat actor maintained this level of access throughout the observed activity without establishing explicit persistence mechanisms, underscoring the risk posed by over-privileged identities with sudo rights."

Earlier this month, Microsoft also shed light on another intrusion in which attackers abused trusted operational relationships and authentication processes to establish durable access, leveraging a compromised third-party IT services provider and legitimate IT management tools to orchestrate a covert campaign focused on long-term access and credential theft.

"Third-party service providers and integrated management tools can become enforcement gaps when visibility is limited or validation is assumed. Threat actors understand this," Redmond said. "They leverage legitimate components, trusted update paths, and approved integrations to anchor themselves inside environments that appear compliant on the surface."

"Defenders should adopt a posture of deliberate verification. Trust your vendors and tooling, but validate their behavior within your environment. Organizations operating in sensitive sectors should assume that threat actors with this level of tradecraft will continue refining third party abuse, credential interception, and stealthy persistence mechanisms to maintain strategic access."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.