Microsoft has issued a warning regarding an active cryptojacking operation that weaponises artificial intelligence chatbot interactions to steer users toward malicious download pages, marking a notable shift in how threat actors distribute malware.
According to Microsoft Defender Experts and the Microsoft Threat Intelligence team, reported by The Hacker News on 27 May, attackers have moved beyond traditional search engine optimisation poisoning and are now manipulating AI assistant outputs to surface fraudulent software links. The technique exploits the inherent trust users place in generative AI recommendations, effectively bypassing conventional email and web filtering controls.
The campaign strategically impersonates GPU-focused diagnostic and benchmarking utilities, including HWMonitor and FurMark, to maximise cryptocurrency mining yield on compromised machines. Victims who follow AI-generated recommendations are redirected to counterfeit download sites hosting trojanised installers.
The infection chain employs a multi-stage approach. Initial compromise occurs through DLL sideloading, which deploys ScreenConnect — a legitimate remote access tool repurposed as a remote access trojan. From there, a process-hollowing loader identified as SimpleRunPE.exe injects cryptocurrency mining payloads into trusted system binaries, making detection more difficult for conventional endpoint protection.
While immediate monetisation centres on cryptojacking, security researchers emphasise that the persistent ScreenConnect foothold substantially escalates downstream risk. The established remote access capability enables threat actors to conduct lateral movement across enterprise networks, exfiltrate sensitive data, or deploy ransomware at a later stage.
This development signals a broader evolution in social engineering tactics. As organisations increasingly integrate AI assistants into daily workflows, attackers are adapting their delivery mechanisms to exploit this trust relationship. Traditional perimeter defences — designed to filter known malicious URLs and email attachments — are insufficient against threats delivered through AI-generated recommendations that appear legitimate to the end user.
Effective mitigation requires organisations to update their threat models accordingly. IT teams should treat AI chatbot recommendations with the same level of scrutiny applied to unverified search engine results. Application allowlisting policies, network-level URL filtering, and mandatory verification of software downloads through official vendor channels remain critical controls.
User education plays an equally important role. Organisations should communicate that AI assistants can be manipulated to surface malicious links, and that any software recommendation — regardless of how confidently it is presented — requires independent validation before installation.
Microsoft has not yet released specific indicators of compromise or YARA detection signatures for enterprise SIEM and EDR integration, though security teams are advised to monitor for anomalous DLL loading patterns associated with HWMonitor and FurMark binaries, as well as unexpected ScreenConnect installations on endpoints where remote support is not actively in use.
Microsoft 就一項活躍的加密貨幣劫持活動發出警告,該活動將人工智能聊天機械人互動武器化,引導用戶前往惡意下載頁面,標誌着威脅行為者分發惡意軟件的方式出現顯著轉變。
根據 The Hacker News 於 5 月 27 日報道,Microsoft Defender Experts 及 Microsoft Threat Intelligence 團隊指出,攻擊者已超越傳統的搜尋引擎優化投毒手法,轉而操縱 AI 助手的輸出,以展示欺詐性軟件連結。此技術利用用戶對生成式 AI 推薦的固有信任,有效繞過傳統的電郵及網頁過濾控制。
該活動策略性地冒充專注於 GPU 的診斷及基準測試工具,包括 HWMonitor 和 FurMark,以在受感染機器上最大化加密貨幣挖礦收益。受害者若跟隨 AI 生成的推薦,會被重定向至偽造下載網站,這些網站承載已植入木馬的安裝程式。
感染鏈採用多階段方法。初步入侵通過 DLL sideloading 進行,藉此部署 ScreenConnect——這是一款合法的遙距存取工具,遭重新用作遙距存取木馬。其後,一個識別為 SimpleRunPE.exe 的程序掏空載入程式會將加密貨幣挖礦程式碼注入受信任的系統執行檔,令傳統端點保護更難偵測。
雖然即時變現集中於加密貨幣劫持,但安全研究人員強調,持久的 ScreenConnect 立足點會大幅增加下游風險。已建立的遙距存取能力使威脅行為者能夠在企業網絡中進行橫向移動、竊取敏感數據,或在稍後階段部署勒索軟件。
此發展標誌着社會工程策略的更廣泛演變。隨着機構越來越多地將 AI 助手整合到日常工作流程中,攻擊者正調整其傳遞機制,以利用這種信任關係。傳統網絡邊界防禦——旨在過濾已知惡意 URL 和電郵附件——對於通過 AI 生成推薦傳遞的威脅並不足夠,因為這些推薦對終端用戶而言看似合法。
有效的緩解措施要求機構相應地更新其威脅模型。IT 團隊應對 AI 聊天機械人的推薦施加與未經驗證的搜尋引擎結果相同級別的審查。應用程式容許清單政策、網絡層面 URL 過濾,以及通過官方供應商渠道強制驗證軟件下載,仍然是關鍵控制措施。
用戶教育同樣扮演重要角色。機構應向員工傳達 AI 助手可被操縱以展示惡意連結的信息,且任何軟件推薦——無論其呈現得多麼肯定——在安裝前均需獨立驗證。
Microsoft 尚未發布具體的入侵指標或 YARA 檢測簽名供企業 SIEM 和 EDR 整合,但建議安全團隊監察與 HWMonitor 和 FurMark 執行檔相關的異常 DLL 載入模式,以及在未使用遙距支援的端點上偵測到 ScreenConnect 安裝。