Microsoft disclosed on May 26, 2026, that Defender researchers are tracking an active cryptojacking campaign that uses poisoned search results and AI chatbot-recommended malicious links to distribute fake Windows utilities. The campaign hijacks victims’ GPUs to mine cryptocurrency without consent.

Cryptojacking attacks have plagued Windows users for years, but this latest wave marks a dangerous evolution: attackers now manipulate generative AI tools to serve malicious links in response to common software queries. The fake utilities—masquerading as system optimizers, driver updaters, or performance boosters—are promoted through search engine poisoning and AI-driven recommendations, making them appear legitimate to unsuspecting users.

Microsoft’s Defender team has observed a surge in detections linked to this campaign, prompting a coordinated takedown effort and an urgent advisory for consumers and enterprises. The attackers exploit the growing trust in AI-powered search by injecting prompts that cause chatbots to suggest compromised download pages, sometimes even fabricating positive reviews within the AI’s response.

How the cryptojacking campaign works

The infection chain begins with a user searching for free Windows tools. Attackers manipulate search engine rankings through SEO poisoning, pushing malicious sites to the top results. Simultaneously, they craft prompts that trick AI chatbots into recommending the same infected links. When a user clicks such a link, they land on a convincing download portal that mimics legitimate software sites.

The downloaded executable is a well-crafted trojan posing as a system utility. Once launched, it silently deploys a miner that hijacks GPU cycles to mine cryptocurrencies—usually Monero or other privacy coins. Unlike traditional malware, cryptojacking does not encrypt files or steal data. Instead, it siphons computing power, causing severe performance degradation, increased electricity bills, and premature hardware wear.

Microsoft’s analysis shows the miner is often configured to throttle its usage during periods of high user activity, making it harder to detect. It also terminates if system monitoring tools are opened, further evading casual inspection.

AI search poisoning: a new frontier

The integration of AI into search engines and chat interfaces has created fresh attack surfaces. Threat actors have begun injecting malicious content into the training data or exploiting prompt injection techniques to influence AI-generated recommendations. In this campaign, attackers designed prompts that cause chatbots to output links to infected sites when asked for utilities like “free Windows driver updater” or “disk cleanup tool.”

Because AI chatbots often present answers with an air of authority, users are more likely to trust the links. Microsoft noted that some chatbots even fabricated endorsements, claiming the tool was “verified” or “recommended by experts.” This social engineering trick significantly increases click-through rates.

“Search engines and AI assistants are becoming the new watering holes,” said a Microsoft researcher in an internal briefing obtained by Windows News. “Users assume curated answers are safe, but AI currently lacks the real-time context to flag all malicious links.”

Fake Windows utilities as trojan horses

The choice of lure is critical. Fake utilities target power users who routinely download system tools, making them the perfect vector. The malicious sites mimic popular software brands, often using similar domain names, genuine-looking certificates, and copied user interfaces. Some even bundle actual freeware alongside the miner to appear authentic.

Once the trojan is executed, it establishes persistence via scheduled tasks and registry modifications. It may also disable Windows Update and Windows Defender real-time protection, though the latest version of the campaign can bypass certain Defender settings only if the user explicitly approves administrative prompts.

Impact on users and organizations

For individual users, the most noticeable symptom is a sluggish PC. Games stutter, video rendering crawls, and fans spin at maximum speed even during idle periods. GPU temperatures can spike dangerously high, potentially shortening the hardware’s lifespan. In an enterprise environment, hundreds of compromised machines can drive up energy costs, disrupt operations, and mask more serious intrusions if attackers later pivot to data theft.

Microsoft’s telemetry shows that the campaign has already infected thousands of machines worldwide, with clusters in North America, Europe, and East Asia. The miner reportedly generated over $500,000 in cryptocurrency before the initial takedowns.

Detection and response by Microsoft Defender

Microsoft Defender Antivirus and Microsoft Defender for Endpoint have been updated to detect this campaign’s specific payloads and behaviors. The heuristics focus on:
- Unsigned or anomalously signed executables that spawn GPU-intensive processes.
- Modifications to search engine preferences and AI browser extensions.
- Traffic to known mining pool endpoints.
- Attempts to terminate security tool processes.
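To make the heuristics above concrete, here is an added example of how three of them (anomalous signer spawning a GPU-heavy child, traffic to a known pool, and attempts to kill security tools) can be written as rules and run over endpoint telemetry. This is not Microsoft's detection logic and not code from the article; the event shapes, the pool host list, the GPU threshold and the process names other than MsMpEng.exe (Defender's antimalware service) are assumptions constructed for the illustration. The search-preference heuristic is left out because the article does not describe the browser settings it keys on.

```python
from dataclasses import dataclass
from typing import Iterable

# Constructed placeholders standing in for a threat-intel feed of pool hosts.
KNOWN_MINING_POOLS = {"pool.example-xmr.invalid", "stratum.example-pool.invalid"}

# Processes whose forced termination is a red flag. MsMpEng.exe is Defender's
# antimalware service; the others are the monitoring tools the article mentions.
SECURITY_TOOLS = {"msmpeng.exe", "taskmgr.exe", "procexp64.exe", "procmon64.exe"}

GPU_BUSY_PERCENT = 60.0  # assumed threshold for "GPU-intensive"


@dataclass
class ProcessEvent:
    pid: int
    parent_pid: int
    image: str            # executable path
    signed: bool          # Authenticode signature present and valid
    signer_trusted: bool  # signer chains to a publisher we trust
    gpu_percent: float    # sampled GPU engine utilisation attributed to the process
    cmdline: str = ""


@dataclass
class NetworkEvent:
    pid: int
    dest_host: str
    dest_port: int


def evaluate(processes: Iterable[ProcessEvent], connections: Iterable[NetworkEvent]) -> list[str]:
    """Apply the heuristics and return one alert string per hit."""
    procs = list(processes)
    by_pid = {p.pid: p for p in procs}
    alerts: list[str] = []

    # Heuristic 1: an unsigned or untrusted-signer parent spawning a GPU-heavy child.
    for child in procs:
        if child.gpu_percent < GPU_BUSY_PERCENT:
            continue
        parent = by_pid.get(child.parent_pid)
        if parent is not None and (not parent.signed or not parent.signer_trusted):
            alerts.append(f"gpu-miner-spawn: {parent.image} (pid {parent.pid}) -> "
                          f"{child.image} at {child.gpu_percent:.0f}% GPU")

    # Heuristic 2: any connection to a known mining pool endpoint.
    for conn in connections:
        if conn.dest_host.lower() in KNOWN_MINING_POOLS:
            proc = by_pid.get(conn.pid)
            image = proc.image if proc else "?"
            alerts.append(f"mining-pool-traffic: {image} (pid {conn.pid}) -> "
                          f"{conn.dest_host}:{conn.dest_port}")

    # Heuristic 3: taskkill invocations naming a security tool.
    for p in procs:
        lowered = p.cmdline.lower()
        if "taskkill" not in lowered:
            continue
        for token in lowered.replace('"', "").split():
            if token in SECURITY_TOOLS:
                alerts.append(f"security-tool-kill: pid {p.pid} tried to terminate {token}")
    return alerts


def demo_telemetry() -> tuple[list[ProcessEvent], list[NetworkEvent]]:
    """Constructed sample telemetry: one fake-utility infection next to a benign game."""
    processes = [
        ProcessEvent(100, 1, r"C:\Windows\explorer.exe", True, True, 0.0),
        # Fake "driver updater" run from the Downloads folder (unsigned).
        ProcessEvent(200, 100, r"C:\Users\alice\Downloads\DriverBoostPro.exe", False, False, 1.0),
        # Its dropped miner pegging the GPU.
        ProcessEvent(210, 200, r"C:\Users\alice\AppData\Local\Temp\svc.exe", False, False, 94.0),
        # Its attempt to kill Defender and Process Explorer.
        ProcessEvent(220, 200, r"C:\Windows\System32\cmd.exe", True, True, 0.0,
                     'cmd.exe /c taskkill /F /IM MsMpEng.exe /IM procexp64.exe'),
        # Benign: a signed launcher starting a signed game that also uses the GPU heavily.
        ProcessEvent(300, 100, r"C:\Games\Launcher.exe", True, True, 0.0),
        ProcessEvent(310, 300, r"C:\Games\game.exe", True, True, 97.0),
    ]
    connections = [
        NetworkEvent(210, "stratum.example-pool.invalid", 3333),
        NetworkEvent(310, "cdn.example-games.invalid", 443),
    ]
    return processes, connections


def run_demo() -> list[str]:
    return evaluate(*demo_telemetry())


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

On the constructed telemetry the rules raise four alerts for the fake utility's process tree and none for the signed game, which is the point of tying GPU load to the signer of the parent rather than alerting on GPU usage alone.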

Users running Windows 11 with default SmartScreen and cloud-delivered protection enabled receive real-time blocks on the malicious domains. Additionally, Microsoft has worked with law enforcement and hosting providers to take down command-and-control servers.

How to protect yourself

  1. Stick to official sources. Download software only from the Microsoft Store, manufacturer’s website, or trusted distribution platforms. Avoid third-party driver updaters.
  2. Verify URLs carefully. Look for subtle misspellings or unusual top-level domains.
  3. Be skeptical of AI-generated answers. Treat chatbot recommendations as starting points, not verified endorsements. Cross-check links with official sources.
  4. Enable hardware-based security. Features like TPM 2.0, Secure Boot, and virtualisation-based security (VBS) can limit persistence mechanisms.
  5. Monitor system performance. Use Task Manager to look for unexplained GPU usage. Tools like Process Explorer can reveal hidden miners.
  6. Keep Windows and security software up-to-date. Microsoft regularly updates Defender signatures to combat new variants.
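Step 2 is easier to apply consistently with a small checker than by eye. The following is an added example, not code from the article or from Microsoft, that flags the URL tricks the campaign relies on: lookalike labels built from confusable characters, a trusted brand buried as a subdomain of an unrelated host, unexpected top-level domains, and plain-HTTP downloads. The allowlist, the expected-TLD set and the confusable substitutions are assumptions to be tuned, and the last-two-labels rule for the registrable domain is a deliberate simplification (it is wrong for suffixes such as co.uk; a public suffix list library should be used in practice).

```python
from urllib.parse import urlsplit

# Constructed allowlist of vendors the reader actually downloads from.
TRUSTED_DOMAINS = {"microsoft.com", "example-vendor.com"}
# Assumed baseline of TLDs expected for software vendors; adjust per organisation.
EXPECTED_TLDS = {"com", "org", "net"}
# Character substitutions typosquatters use; folded before labels are compared.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold_confusables(label: str) -> str:
    for frm, to in CONFUSABLES:
        label = label.replace(frm, to)
    return label


def check_url(url: str) -> list[str]:
    """Return a list of findings; an empty list means nothing looked off."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no host name in URL"]
    labels = host.split(".")
    # Simplification: the last two labels are treated as the registrable domain.
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED_DOMAINS:
        return []  # exact allowlist match, subdomains included

    findings: list[str] = []
    if parts.scheme != "https":
        findings.append("not served over https")
    if labels[-1] not in EXPECTED_TLDS:
        findings.append(f"unusual top-level domain .{labels[-1]}")
    if any(label.startswith("xn--") for label in labels):
        findings.append("internationalised (punycode) label; check for homoglyphs")

    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        # Brand used as a subdomain of somebody else's domain.
        if trusted in host:
            findings.append(f"trusted domain {trusted} embedded in untrusted host {registrable}")
            continue
        # Brand spelled with confusables or a single typo inside the registrable label.
        for piece in labels[-2].split("-"):
            if len(piece) >= 5 and levenshtein(fold_confusables(piece), brand) <= 1:
                findings.append(f"{registrable} looks like {trusted} (label {piece!r})")
                break
    return findings


def is_suspicious(url: str) -> bool:
    return bool(check_url(url))


if __name__ == "__main__":
    # Constructed sample URLs, not addresses from the campaign.
    for sample in ["https://www.microsoft.com/en-us/software-download",
                   "https://rnicrosoft.com/download",
                   "http://micros0ft-driver-updater.xyz/get",
                   "https://microsoft.com.secure-download.invalid/"]:
        print(sample, "->", check_url(sample) or "ok")
```

A genuine vendor subdomain passes because the allowlist is matched on the registrable domain, while the three constructed lures each trip at least one finding; the confusable folding is what catches "rn" standing in for "m" and "0" for "o", which are exactly the substitutions a quick glance misses.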

Organisations should deploy application whitelisting and network monitoring to block mining pools at the firewall level. Security teams can also restrict administrative rights to prevent malware from disabling protections.

The broader threat landscape

This campaign underscores a troubling convergence: as AI becomes integrated into everyday workflows, it also becomes a delivery mechanism for malware. Search poisoning itself is not new, but poisoning via AI output is a novel twist that challenges existing security models. The ability to influence LLM-based recommendations through prompt injection or poisoned training data opens a vast new attack vector.

Microsoft’s proactive stance—detailing the campaign and releasing mitigations—mirrors its earlier disclosures on ransomware and supply-chain attacks. However, the rapid mutation of these threats means that user education and layered defenses remain the strongest countermeasures.

The company is actively developing AI-specific security features, including content verification APIs for chatbots and real-time link reputation scoring. In the interim, defenders must adapt to a world where the same AI that writes emails can also be tricked into serving malware.

For now, the May 26 disclosure serves as a stark reminder: even in 2026, the oldest trick in the hacker playbook—offering something free that secretly costs you—works all too well when dressed up in the trappings of AI-generated trust.