Hackers Abuse AI Chatbot Recommendations to Push Malicious Software Download Links

This report describes an active AI-assisted cryptojacking campaign in which threat actors poison search results and LLM-based chatbot responses to serve fake installers that sideload malicious DLLs, deploy ScreenConnect for remote access, and run cryptocurrency miners (gminer, lolMiner, SRBMiner-MULTI); Microsoft identified over 150 malicious domains, provided IoCs (domains, IP, SHA256), and recommended EDR/ASR and other mitigations.