Microsoft Defender Experts have issued a critical warning regarding an active cryptojacking campaign that weaponizes the trust users place in Generative AI (GenAI) interfaces. In this campaign, adversaries are manipulating AI chatbot interactions to surface malicious download sites, effectively bypassing traditional search-engine security filters.
This represents a significant shift in social engineering tactics. By poisoning the data sources or prompt responses of AI tools, attackers are redirecting users to fraudulent sites hosting malicious software under the guise of legitimate utilities. Once executed, this software deploys cryptocurrency miners, siphoning system resources. Defenders must treat this as an active software supply chain attack via a new vector, requiring immediate updates to detection logic and user awareness protocols.
Technical Analysis
Threat Vector: Unlike traditional phishing that relies on malicious emails or SEO poisoning in search engines, this campaign leverages the perceived authority of AI chatbots. Users interact with the AI, seeking recommendations for software or tools. The AI—likely influenced by malicious datasets or prompt injection techniques—provides a link to a malicious domain.
**Malware Behavior (Cryptojacking): While the specific delivery mechanism (the chatbot) is novel, the payload follows standard cryptojacking patterns:
- Delivery: User downloads and executes a fake installer or utility from the recommended site.
- Execution: The dropper releases a modified XMRig (Monero miner) or a similar CPU-intensive miner.
- Persistence: The malware often establishes persistence via Scheduled Tasks, Registry Run keys, or as a Windows Service.
- C2 Communication: The miner connects to stratum+tcp ports (commonly 3333, 14444, or 8080) on public or private mining pools to receive jobs and submit shares.
Affected Platforms:
- Endpoints: Primarily Windows workstations and servers, as these are the primary targets for browser-based chatbot interactions and Windows-native crypto miners.
- Chat Platforms: The vector affects any GenAI platform capable of recommending web links, though Microsoft specifically flagged this within their ecosystem research.
Exploitation Status:
- Active: Microsoft has confirmed this is an active campaign, not theoretical.
- CVE: While no specific CVE is associated with the AI platform vulnerability (prompt injection/data poisoning), the payload execution relies on the user running the unverified binary.
Detection & Response
To defend against this specific campaign, security operations must detect the result of the interaction: the unauthorized execution of cryptomining software and its subsequent network traffic. Standard anti-virus may miss customized miners, so behavioral hunting is essential.
SIGMA Rules
---
title: Suspicious Crypto Miner Process Execution
id: 8a4b2c91-6f3e-4a1d-9e2f-3c5a6b7c8d9e
status: experimental
description: Detects the execution of known crypto mining binaries or processes with command-line arguments typical of XMRig and similar miners. This covers the payload delivered via the AI chatbot vector.
references:
- https://attack.mitre.org/techniques/T1496/
author: Security Arsenal
date: 2026/05/12
tags:
- attack.resource-hijacking
- attack.t1496
logsource:
category: process_creation
product: windows
detection:
selection_img:
Image|contains:
- 'xmrig.exe'
- 'srn.exe'
- 'minerd.exe'
- 'cpuminer'
selection_cli:
CommandLine|contains:
- '--donate-level'
- '--url='
- 'stratum+tcp'
- '--coin='
condition: 1 of selection_
falsepositives:
- Authorized cryptocurrency mining operations (rare in enterprise)
level: high
---
title: Persistence via Scheduled Task for Crypto Miner
id: 9c5d3e02-0g4f-5b2e-0f3g-4d6b7c8e9f0a
status: experimental
description: Detects the creation of scheduled tasks that execute binaries from suspicious user directories, a common persistence mechanism for cryptojackers delivered via social engineering.
references:
- https://attack.mitre.org/techniques/T1053/005
author: Security Arsenal
date: 2026/05/12
tags:
- attack.persistence
- attack.t1053.005
logsource:
product: windows
service: security
detection:
selection:
EventID: 4698
TaskName|contains: 'Update'
CommandLine|contains:
- 'AppData\\Roaming'
- 'AppData\\Local'
- 'Temp'
filter:
SubjectUserName|contains:
- 'SYSTEM'
- 'ADMINISTRATOR'
condition: selection and not filter
falsepositives:
- Legitimate software update tasks running from user context
level: medium
KQL (Microsoft Sentinel / Defender)
// Hunt for processes associated with cryptojacking characteristics
// Look for high CPU processes connecting to non-standard ports
let MiningPorts = dynamic([3333, 14444, 8080, 3334, 9999]);
DeviceProcessEvents
| where Timestamp > ago(7d)
| where ProcessVersionInfoCompanyName != "Microsoft Corporation" or isnull(ProcessVersionInfoCompanyName)
| join kind=inner (
DeviceNetworkEvents
| where RemotePort in (MiningPorts)
| summarize ConnectionCount=count() by DeviceId, InitiatingProcessFileName, InitiatingProcessId
) on DeviceId, FileName, ProcessId
| project Timestamp, DeviceName, FileName, FolderPath, InitiatingProcessFileName, RemoteIP, RemotePort, ConnectionCount
| order by Timestamp desc
Velociraptor VQL
-- Hunt for suspicious miner processes and config files in user directories
SELECT
Pid,
Name,
CommandLine,
Exe,
Username
FROM pslist()
WHERE Name =~ "xmrig"
OR Name =~ "minerd"
OR CommandLine =~ "stratum+tcp"
-- Hunt for common miner configuration artifacts
SELECT FullPath, Mtime, Size
FROM glob(globs="/*Users/*/AppData/**/config.")
WHERE FullPath =~ "[Cc]onfig"
Remediation Script (PowerShell)
# Cryptojacking Incident Response - Kill Miner Processes and Block Common Ports
# Requires Admin Privileges
Write-Host "Starting Cryptojacking Remediation..." -ForegroundColor Cyan
# 1. Terminate suspicious mining processes
$suspiciousProcesses = @("xmrig", "minerd", "srn", "cpuminer")
foreach ($proc in Get-Process | Where-Object { $suspiciousProcesses -contains $_.ProcessName }) {
Write-Host "Terminating process: $($proc.ProcessName) (PID: $($proc.Id))" -ForegroundColor Yellow
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
}
# 2. Block common mining pool ports via Windows Firewall
$miningPorts = @(3333, 14444, 8080)
foreach ($port in $miningPorts) {
$ruleName = "Block Mining Port $port"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Protocol TCP -LocalPort $port -Action Block
Write-Host "Created firewall rule to block outbound port $port" -ForegroundColor Green
} else {
Write-Host "Firewall rule for port $port already exists." -ForegroundColor Gray
}
}
Write-Host "Remediation complete. Please investigate AppData/Roaming for malicious artifacts." -ForegroundColor Cyan
Remediation
- Immediate Isolation: If a system is identified as infected, isolate it from the network immediately to prevent the spread of malware or further communication with mining pools.
- User Awareness & Education: Update security awareness training to explicitly cover the risks of AI-generated links. Instruct users to verify software recommendations through official vendor websites rather than clicking directly from chatbot outputs.
- Network Segmentation & Filtering: Configure perimeter firewalls and proxy servers to block outbound connections to known mining pool domains and Stratum protocol ports (TCP 3333, 14444, etc.).
- Application Control: Implement Windows Defender Application Control (WDAC) or AppLocker policies to prevent unauthorized binaries from executing in user profile directories (e.g.,
%AppData%,%LocalAppData%,%Temp%). - Update Defenders: Ensure Microsoft Defender and other EDR solutions are running the latest intelligence updates to detect the specific hashes associated with this active campaign.
Related Resources
Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub
Is your security operations ready?
Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.