On May 26, 2026, Microsoft Defender Experts disclosed an active cryptojacking campaign that pulled off something new in its lure stage. Alongside the usual SEO-poisoned Google results, attacker-controlled lookalike download domains were being served up inside AI chatbot responses — when users asked an assistant where to download utilities like HWMonitor or CrystalDiskInfo, the answer included a link the attacker had managed to surface there. Click through, install what looks like a clean copy of the tool, and the GPU starts mining cryptocurrency for someone else, with a persistent remote-management backdoor installed on the side.
Microsoft has logged more than 150 fake domains since March 2026, impersonating six well-known utility brands. The miner is the cheap part. The interesting part — the part to read this with — is that the trust path between user and malware now runs through the assistant they ask for advice.
The targeting is deliberate. CrystalDiskInfo, HWMonitor, Display Driver Uninstaller (DDU), FurMark, K-Lite Codec Pack, PDFgear: each of the impersonated brands is favored by PC enthusiasts and hardware-focused users, the population most likely to own a high-end discrete GPU. That GPU is what makes the campaign economically viable. The attackers picked quality of victim over volume.
Two delivery channels run in parallel, according to Microsoft's May 26 disclosure on the Microsoft Security Blog. The first is conventional SEO poisoning — search results for "download hwmonitor" get pushed toward lookalike domains. The second is what Microsoft observed in April 2026 and describes as "an extension of traditional SEO poisoning beyond conventional search engines": users querying AI chatbots for software recommendations were served the same attacker-controlled links inside generated responses, with VirusTotal traffic metadata referencing chatbot interactions as a referral context. From there the chain is conventional. The downloaded ZIP contains the real utility's executable plus a malicious DLL (autorun.dll), which loads through DLL sideloading — a technique that runs hostile code inside a trusted, signed application so endpoint protection raises no alarm. The DLL then silently installs ScreenConnect (a legitimate IT remote-management tool, ConnectWise's product, hijacked here for persistent attacker access) and drops a loader that runs cryptocurrency miners — gminer, lolMiner, or SRBMiner-MULTI — under Microsoft-signed Windows binaries using a technique called process hollowing.
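The chain above leaves three observable seams on the endpoint: a signed utility loading a DLL from the user's own extraction directory, a ScreenConnect client being stood up by that utility rather than by an installer or an admin, and a Microsoft-signed system binary being spawned from a user-writable folder. The script below is an added illustration, not Microsoft's detection logic and not code from the disclosure: it runs three such heuristics over a handful of constructed event records. The field names (`type`, `image`, `module`, `parent_image`, `image_signed`, `module_signed`) are my own and would need mapping onto whatever Sysmon or EDR schema is in use; the `svchost.exe` host in the sample is a constructed stand-in, since the disclosure does not say which signed binaries were hollowed.

```python
"""Endpoint triage heuristics for the sideload -> ScreenConnect -> hollowing chain.

Added example with constructed sample events; the event schema is hypothetical.
"""
from __future__ import annotations

from pathlib import PureWindowsPath

# Directories an ordinary user can write to. A signed tool pulling a DLL from
# here, or a System32 binary being launched from here, is worth a look.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")
SYSTEM_DIR = "c:\\windows\\system32\\"

# Names reported in the campaign: the sideloaded DLL and the ScreenConnect client.
SIDELOAD_DLL_NAMES = {"autorun.dll"}
REMOTE_TOOL_IMAGES = {"screenconnect.clientsetup.exe", "screenconnect.windowsclient.exe"}


def _name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def _parent_dir(path: str) -> str:
    return str(PureWindowsPath(path).parent).lower()


def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def check_sideload(ev: dict) -> str | None:
    """Rule 1: a signed EXE in a user-writable directory loads a DLL sitting
    next to it that is unsigned or carries the reported sideload name."""
    if ev["type"] != "image_load" or not ev.get("image_signed"):
        return None
    beside_exe = _parent_dir(ev["module"]) == _parent_dir(ev["image"])
    suspicious_dll = (not ev.get("module_signed")) or _name(ev["module"]) in SIDELOAD_DLL_NAMES
    if beside_exe and suspicious_dll and in_user_writable(ev["image"]):
        return f"signed {_name(ev['image'])} loaded {_name(ev['module'])} from its own user-writable directory"
    return None


def check_remote_tool(ev: dict) -> str | None:
    """Rule 2: a ScreenConnect client is launched by a parent living in a
    user-writable path, i.e. by the downloaded 'utility' rather than by IT."""
    if ev["type"] != "process_create":
        return None
    if _name(ev["image"]) in REMOTE_TOOL_IMAGES and in_user_writable(ev["parent_image"]):
        return f"{_name(ev['image'])} launched by {_name(ev['parent_image'])} from a user-writable path"
    return None


def check_system_binary_parent(ev: dict) -> str | None:
    """Rule 3: a System32 binary whose parent is in a user-writable path.
    Heuristic for a hollowing host; benign System32 children normally descend
    from services.exe, explorer.exe or another system process."""
    if ev["type"] != "process_create":
        return None
    if ev["image"].lower().startswith(SYSTEM_DIR) and in_user_writable(ev["parent_image"]):
        return f"System32 binary {_name(ev['image'])} spawned by {_name(ev['parent_image'])} in a user-writable path"
    return None


RULES = {
    "dll_sideload": check_sideload,
    "remote_tool_install": check_remote_tool,
    "system_binary_from_user_dir": check_system_binary_parent,
}


def triage(events: list[dict]) -> list[dict]:
    """Return one finding per (event, rule) that fires."""
    findings = []
    for ev in events:
        for rule, fn in RULES.items():
            detail = fn(ev)
            if detail:
                findings.append({"rule": rule, "detail": detail, "event": ev})
    return findings


# Constructed sample telemetry (not real data). Three hostile events, two benign.
SAMPLE_EVENTS = [
    {"type": "image_load", "image": r"C:\Users\alice\Downloads\HWMonitor\HWMonitor.exe",
     "image_signed": True, "module": r"C:\Users\alice\Downloads\HWMonitor\autorun.dll",
     "module_signed": False},
    {"type": "image_load", "image": r"C:\Windows\System32\notepad.exe", "image_signed": True,
     "module": r"C:\Windows\System32\kernel32.dll", "module_signed": True},
    {"type": "process_create", "image": r"C:\Users\alice\AppData\Local\Temp\ScreenConnect.ClientSetup.exe",
     "parent_image": r"C:\Users\alice\Downloads\HWMonitor\HWMonitor.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Users\alice\Downloads\HWMonitor\HWMonitor.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['detail']}")
```

Each rule is deliberately narrow so the false-positive rate stays low: rule 1 will not fire on a signed utility loading a DLL from Program Files, and rule 2 will not fire on a ScreenConnect rollout driven by an installer or management agent that lives outside the user profile.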
Search engine poisoning is twenty years old. What is new here is where the trust now sits. When a security-aware user clicks the top Google result for a utility, there is a moment of skepticism — is this the real vendor URL, does the cert match. When the same user asks Claude, ChatGPT, or Gemini "where can I safely download CrystalDiskInfo?", the link arrives wrapped in the assistant's confident tone, framed as a recommendation rather than a search result. The skeptical moment is shorter, or absent altogether. Microsoft's framing is the right one: this is an extension of SEO poisoning, but the new surface comes with implicit endorsement.
For your organisation the worry is asymmetric. One member of the IT team who installs a poisoned HWMonitor on an admin workstation hands attackers a live ScreenConnect session — and that session is exactly what initial-access brokers sell to ransomware crews. The systemic shift is the broader one: every channel that ranks or recommends links can be poisoned, and chatbots have become that kind of channel faster than most threat models adjusted. Treat the assistant's URLs the way you treat email links from strangers — useful, sometimes correct, never authoritative.
The interesting story is not the miner — it is the lure. The route to a backdoored workstation now runs through the AI assistant a growing number of people trust to filter the web for them, and the malware chain underneath is professional enough to ride a legitimate IT tool, hide from process inspectors, and survive cleanup. Tell your team to stop trusting download links that come from a chatbot. The cost of being wrong is a backdoored workstation; the cost of being right is twenty seconds typing the vendor's name into the address bar.
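The "twenty seconds typing the vendor's name" check can be automated for a team that already keeps a list of approved tools. The following is an added example, not part of the Microsoft write-up: it takes a URL a chatbot or search result returned and a brand name, and reports whether the registrable domain is the vendor's, a lookalike that needs a human to look at it, or simply unknown. The vendor domain table is my assumption about each project's official site and should be verified before it is relied on; the lookalike hosts in the test are constructed under the reserved `.example` TLD.

```python
"""Vet a download URL against a vendor allowlist. Added example with an assumed
allowlist and constructed sample URLs."""
from __future__ import annotations

from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed official domains for the six impersonated brands (verify these).
VENDOR_DOMAINS = {
    "crystaldiskinfo": "crystalmark.info",
    "hwmonitor": "cpuid.com",
    "ddu": "wagnardsoft.com",
    "furmark": "geeks3d.com",
    "k-lite": "codecguide.com",
    "pdfgear": "pdfgear.com",
}

# Typosquat threshold for the registrable-domain similarity check.
LOOKALIKE_RATIO = 0.8


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification: ignores multi-label public
    suffixes such as co.uk; use a public-suffix list in production."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def vet_url(url: str, brand: str) -> dict:
    """Classify a URL as 'official', 'lookalike' or 'unknown' for the brand."""
    official = VENDOR_DOMAINS[brand.lower()]
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)

    if reg == official:
        return {"verdict": "official", "host": host, "reason": "registrable domain is the vendor's"}

    # Brand name embedded in the host (hwmonitor-download.example, hw-monitor.example).
    brand_token = "".join(ch for ch in brand.lower() if ch.isalnum())
    flat_host = host.replace("-", "").replace(".", "")
    if brand_token in flat_host:
        return {"verdict": "lookalike", "host": host, "reason": "brand name in a non-vendor host"}

    # Vendor's own label used as a decoy subdomain (cpuid.com.mirror.example).
    vendor_label = official.split(".")[0]
    if vendor_label in host:
        return {"verdict": "lookalike", "host": host, "reason": "vendor label in a non-vendor host"}

    # Typosquat of the vendor domain itself (cpuld.com for cpuid.com).
    if SequenceMatcher(None, reg, official).ratio() >= LOOKALIKE_RATIO:
        return {"verdict": "lookalike", "host": host, "reason": "registrable domain resembles the vendor's"}

    return {"verdict": "unknown", "host": host, "reason": "no relation to the vendor domain found"}


if __name__ == "__main__":
    # Constructed sample URLs; only the first is the assumed official site.
    for sample in (
        "https://www.cpuid.com/",
        "https://hwmonitor-download.example/HWMonitor.zip",
        "https://cpuid.com.download-mirror.example/",
        "https://cpuld.com/",
        "https://example.org/",
    ):
        r = vet_url(sample, "hwmonitor")
        print(f"{r['verdict']:9} {r['host']:40} {r['reason']}")
```

"Lookalike" is a prompt for a human to check, not a block verdict: a legitimate third-party mirror can carry the brand name in its hostname too. The point is that "official" is the only verdict on which a download should proceed without someone looking, and that verdict is earned by the registrable domain, never by the tone of the assistant that produced the link.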