Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
AI Chatbots Lead Users to Cryptojacking Malware Sites

AI Chatbots Lead Users to Cryptojacking Malware Sites

Posted on May 27, 2026 By CWS

Microsoft has issued a warning about a new cryptojacking campaign utilizing AI chatbots to direct users to harmful download sites. The tactic is elevating social engineering by bypassing typical search results, thereby increasing the exposure of malicious software suggestions, according to Microsoft’s report.

Impersonation of Legitimate Utilities

The campaign is reported to mimic authentic system utilities such as CrystalDiskInfo and HWMonitor, targeting users with high-performance GPUs. The aim is to compromise systems with greater mining potential rather than casting a wide net to infect numerous devices. Besides financial motives, the attackers are establishing remote access to affected hosts through ScreenConnect deployments, potentially for data theft or ransomware attacks.

Strategic Attack Methods

The attack is notably calculated, focusing on endpoints that enhance mining yields per infected device. Microsoft has detected and blocked activities linked to this campaign. Initially, users searching for trusted utilities encountered malicious sites manipulated through SEO poisoning. Recent observations indicate a shift, with users being directed via AI chatbot interactions.

Persistent Threat Tactics

Users seeking software download recommendations from AI chatbots received links to domains controlled by attackers. These sites feature download buttons that retrieve a ZIP archive from a malicious subdomain. Over 150 harmful domains have been identified, distributing these tools. The downloaded ZIP contains a legitimate executable and a rogue DLL designed to install a secondary malicious DLL via “msiexec.exe,” leading to ScreenConnect software installation.

Once installed, ScreenConnect attempts to connect with an attacker-controlled server, facilitating the execution of “SimpleRunPE.exe.” This binary establishes persistence through Registry Run keys, configures Defender exclusions, and employs anti-analysis techniques. In some cases, a PowerShell script retrieves the binary, masked as “vlc.exe,” to avoid detection.

Conclusion and Future Outlook

This blend of AI-driven delivery, software impersonation, and persistent access underscores evolving social engineering strategies. Recent exploits highlight the ongoing risk posed by internet-facing appliances and over-privileged identities. Microsoft emphasizes the need for vigilant verification of third-party services and management tools to thwart such stealthy persistence mechanisms. Organizations, particularly in sensitive sectors, should brace for continued refinement of third-party abuse and credential theft by threat actors.

The Hacker News Tags:AI chatbots, Cryptojacking, cyber threats, Cybersecurity, GPU mining, malicious software, Malware, Microsoft, ScreenConnect, SEO poisoning

Post navigation

Previous Post: CISA Demands Urgent Fix for Exploited LiteSpeed Flaw
Next Post: Anthropic Enhances Claude AI with New Security Features

Related Posts

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack The Hacker News
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files The Hacker News
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory The Hacker News
Enhancing Incident Response: Key Operational Essentials Enhancing Incident Response: Key Operational Essentials The Hacker News
Why AI Projects Often Falter Post-Demo Why AI Projects Often Falter Post-Demo The Hacker News
AI Model Uncovers 10,000 Critical Software Flaws AI Model Uncovers 10,000 Critical Software Flaws The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark