Microsoft Defender identified a cryptojacking campaign that uses poisoned search results and AI chatbot interactions to distribute malicious software posing as system utilities. The campaign targets users likely to own high-performance GPUs, using trusted software names to lure victims. Once installed, the malware provides persistent access using ScreenConnect software, allowing for potential data theft and ransomware deployment.
The attack employs sophisticated methods such as DLL sideloading and process hollowing to evade detection. Key mitigation recommendations include enabling cloud protection, using attack surface reduction rules, and employing web protection to bolster defenses against such threats.
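A defender-side check for the three mitigations named above, added here as an example and not taken from Microsoft's write-up. It assumes Microsoft Defender Antivirus is present and reads its settings with Get-MpPreference; the single ASR rule it audits is my choice, since the summary names no specific rules.

```powershell
# Added example (not from the Microsoft write-up): audit a Windows host for the
# three mitigations the summary names. Run elevated on a host with Defender AV.
# The GUID below is Microsoft's published id for the ASR rule "Block executable
# files from running unless they meet a prevalence, age, or trusted list
# criterion"; picking that rule to check is my assumption, not the page's.
$ExecPrevalenceRule = '01443614-cd74-433a-b99e-2ecdc07bfc25'

function Test-DefenderMitigations {
    $p = Get-MpPreference
    $findings = @()

    # Cloud-delivered protection: MAPSReporting 0 = off, 1 = basic, 2 = advanced
    if ($p.MAPSReporting -eq 0) {
        $findings += 'Cloud-delivered protection (MAPS) is disabled'
    }
    # SubmitSamplesConsent 2 = never send; cloud verdicts on new binaries suffer
    if ($p.SubmitSamplesConsent -eq 2) {
        $findings += 'Automatic sample submission is disabled'
    }

    # Web/network protection: EnableNetworkProtection 1 = block, 2 = audit, 0 = off
    if ($p.EnableNetworkProtection -ne 1) {
        $findings += "Network protection not in block mode (value $($p.EnableNetworkProtection))"
    }

    # ASR rules: Ids and Actions are parallel arrays; action 1 = block, 2 = audit, 6 = warn
    $ids = @($p.AttackSurfaceReductionRules_Ids | ForEach-Object { "$_".ToLower() })
    $idx = [array]::IndexOf($ids, $ExecPrevalenceRule)
    if ($idx -lt 0) {
        $findings += 'ASR rule for low-prevalence executables is not configured'
    } elseif ($p.AttackSurfaceReductionRules_Actions[$idx] -ne 1) {
        $action = $p.AttackSurfaceReductionRules_Actions[$idx]
        $findings += "ASR rule for low-prevalence executables is not in block mode (action $action)"
    }
    # Caveat: that ASR rule depends on cloud-delivered protection, so a MAPS
    # finding above must be fixed before the rule can do its job.
    return $findings
}

$f = Test-DefenderMitigations
if ($f.Count -eq 0) { 'All three recommended mitigations are enabled' } else { $f }
```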