- McAfee uncovers GenAI-based cryptojacking campaign
- Around 50 variants of the fake apps were spread through more than 1,700 archives on Discord, SourceForge, etc.
- Attackers mine Monero, Ravencoin, Zephyr and others; profits estimated at $13,500+
McAfee security researchers have discovered a major malware campaign leveraging generative artificial intelligence (GenAI) to infect as many people as possible with cryptocurrency miners.
In a detailed report released last week, the cybersecurity company explained that someone had created fake software: AI image generators, voice-changing tools, stock trading utilities, gaming modules, VPNs, and more. They discovered nearly 50 different variants, distributed across more than 1,700 .ZIP archives. These variants weren’t entirely vibe-coded, but some parts appear to have been generated with AI:
“The presence of explanatory comments and structured sections strongly indicates the use of LLM models to generate this code,” McAfee explained. Attackers are most likely using AI to speed up the process, scale the campaign, and diversify the code to better circumvent antivirus and anti-malware solutions.
Mining Bitcoin, Monero and others
These tools are distributed through various legitimate content delivery network (CDN) services and file hosting websites, including Discord, SourceForge, FOSSHub, and MediaFire. McAfee also mentioned mydofiles[dot]com. So far, researchers have discovered more than 100 URLs actively spreading the malware, with the majority (61) found on Discord. There were 17 on SourceForge and 15 on mydofiles[dot]com.
Victims are infected by “cryptojackers”. These are programs that “hijack” the device to mine various cryptocurrencies for attackers. The most popular cryptojacker is called XMRig, which is often found on data center servers and mines the privacy-focused token Monero.
In this case, the attackers also mine other coins including Ravencoin, Zephyr, Bitcoin Gold, Ergo and Clore.
McAfee found the Bitcoin wallet address and discovered that the attackers had made at least $4,500 as a result. “Given that most mining activities target privacy-focused cryptocurrencies such as Zephyr, Ravencoin, and Monero, the actual financial impact is likely to be nearly double the amount identified through Bitcoin tracing alone,” the researchers concluded, implying that the attackers have made at least $13,500 so far.