- Microsoft researchers have observed cybercriminals adapting their SEO poisoning tactics to AI platforms, tricking the AI into recommending spoofed utility sites such as HWMonitor and CrystalDiskInfo.
- Victims who follow these AI-suggested links download malware via DLL sideloading, which installs ScreenConnect to allow attackers access and can lead to cryptojacking.
- Defenders should treat AI recommendations with the same caution as search results, checking links before downloading to avoid compromise.
With the advent of AI, the Internet search habits of most users have changed dramatically, which has also changed the way cybercriminals deliver malware to their victims.
In the years before AI, scammers used the technique of “SEO poisoning” to trick search engines into displaying malicious and fraudulent websites at the very top of search engine results pages. By leveraging users’ trust in these engines, crooks could expect malware to be downloaded without scrutiny.
But now AI tools are eating into search engine market share, with a new report from Microsoft revealing that bad actors have found a way to trick AI into recommending fake and malicious links.
Remove a cryptojacker
This is an interesting finding, since most SEO experts still haven’t cracked this code and there is no “industry standard” for AI mentioning.
Regardless, Microsoft said it has observed cybercriminals creating fraudulent websites spoofing popular PC utilities such as HWMonitor or CrystalDiskInfo. They (somehow) get the AI to mention these websites to people who ask about these tools and if people believe the AI, they end up downloading malware.
The malware is loaded onto the device using the DLL sideloading technique which, in turn, installs ScreenConnect and grants the attackers direct access to the device. The criminals would then profile the device, scan the network and, if they choose, install a cryptojacker.
The cryptojacker then mines the cryptocurrency for the attackers, earning them virtual coins, as victims are left with an unusable computer and a huge electricity bill.
“This combination of AI-assisted delivery, software impersonation, and persistent access highlights how threat actors are adapting their social engineering and monetization strategies to modern user behavior,” Microsoft said.
To defend against these attacks, users should do the same things as against SEO poisoning attacks – not blindly trust AI/search engine answers.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
