GPU mining malware spreads via SEO poisoning, AI chatbots

https://www.bleepingcomputer.com/news/security/gpu-mining-malware-spreads-via-seo-poisoning-ai-chatbots/

Publish Date: 2026-05-27 17:31:25

Source Domain: www.bleepingcomputer.com

Summary:

In an advanced cryptojacking campaign, threat actors are targeting high-performance computers through SEO poisoning and manipulated AI chatbot recommendations. The attack misleads users into downloading utility software purportedly from legitimate sources. Upon installation, the utility conceals a malicious DLL that installs a remote access tool, ScreenConnect, enabling persistent access and future payload deployment. Once control is established, the attackers use multiple persistence mechanisms and stealthy process hollowing techniques to evade detection. The compromised machines are then used to mine cryptocurrencies with GPU-focused miners, specifically gminer, lolMiner, and SRBMiner-MULTI, showing a precise monetization strategy. Microsoft's researchers uncovered these tactics and provided organizations with relevant indicators of compromise to strengthen their defenses.

Key Points:

  • SEO and AI Manipulation: The attack leverages SEO poisoning and AI chatbot recommendations to guide users to download malicious software.

  • Malicious Utilities: Victims often download seemingly legitimate utility software that includes a hidden malicious DLL.

  • Persistence and Stealth: Attackers utilize remote management tools and process hollowing techniques to maintain persistence and evade detection by security tools.

  • Cryptojacking Execution: Installed malware employs multiple mining modules optimized for GPU mining to secretly earn cryptocurrency.
