Microsoft has identified a new cryptojacking campaign that targets high-end PC users, particularly gamers, by disguising malware as popular system utilities. The attackers use search engine optimization poisoning and, in some cases, AI chatbot recommendations to trick victims into downloading GPU mining software.

How the attack works

The malware is disguised as legitimate tools such as HWMonitor, CrystalDiskInfo and other PC monitoring utilities. When users search for these programs online, malicious websites appear at the top of search results through SEO manipulation. Some victims have also been directed to fake download pages through links shared by AI chatbots.

Once installed, the malware silently deploys a cryptocurrency miner that hijacks the computer's graphics processing unit to mine digital currencies without the user's knowledge. The miner operates in the background, consuming significant power and degrading system performance over time.

Who is at risk

The campaign primarily targets individuals with powerful GPUs, including gamers, video editors and cryptocurrency enthusiasts. These users are more likely to download system monitoring tools to track hardware performance or temperatures.

Microsoft's security researchers noted that the attackers have refined their techniques to evade detection. The malware uses code obfuscation and checks for virtual machine environments before activating its payload.

Why this matters

Cryptojacking drains system resources and increases electricity costs for victims without their consent. For gamers running high end hardware, the performance hit can be severe enough to make games unplayable or cause crashes during intensive tasks.

The use of AI chatbots as a distribution vector marks an escalation in social engineering tactics. Users who trust chatbot recommendations may unknowingly install malicious software from sources they believe are safe.

Protecting against GPU mining malware

  • Download software only from official developer websites or trusted app stores
  • Avoid clicking on sponsored search results when looking for free utilities
  • Use reputable antivirus software that includes real time threat detection

Microsoft recommends enabling cloud delivered protection in Windows Defender to catch emerging threats more quickly. Users should also monitor their GPU usage for unexplained spikes when idle.