GPU mining malware spreads via SEO poisoning, AI chatbots
ID: 58f6cd2d-0219-5ee8-bc1b-d6c9b537e249
STIX ID: report--58f6cd2d-0219-5ee8-bc1b-d6c9b537e249
Feed Name: Bleeping Computer
Microsoft researchers uncovered a targeted cryptojacking campaign that uses SEO poisoning and AI chatbot link manipulation to serve trojanized utility installers. The payload drops a malicious DLL that installs ScreenConnect for persistent remote access, employs process hollowing and Defender exclusion for stealth, and deploys GPU miners (gminer, lolMiner, SRBMiner-MULTI) optimized to maximize mining yield on high-performance systems.
