Microsoft has warned of an active cryptojacking campaign that surfaces malicious download sites through AI chatbot recommendations, extending SEO poisoning beyond conventional search. Attackers impersonate legitimate system utilities - CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, K-Lite Codec Pack, PDFgear - to target users with high-performance GPUs, prioritizing mining yield per host over mass infection. Beyond mining, the operators deploy ScreenConnect for persistent remote access, which enables data theft, lateral movement, or ransomware. Victims who ask LLM-based tools for software-download recommendations are served links to attacker domains on subdomains of gleeze[.]com, hosted via Dynu dynamic DNS. Microsoft says it has detected and blocked the activity.
Securonix tracked a phishing campaign called VENOMOUS#HELPER that has hit 80+ organizations (mostly in the US) since April 2025 by getting employees to install legitimate remote-monitoring software they think is a Social Security Administration document. The lure is a fake SSA email asking the recipient to download their statement; the link points to a compromised Mexican business website hosting a SimpleHelp installer. Once the software is installed, the attackers gain SYSTEM-level access, then quietly install ConnectWise ScreenConnect as a backup channel. The pattern aligns with initial-access broker activity: quiet persistence, then sale or hand-off to ransomware operators.
The FBI issued a public service announcement Wednesday warning that cyber-enabled cargo theft has surged 60% to $725 million in losses across the US and Canada in 2025. The pattern: criminals phish freight brokers and carriers via spoofed emails, install remote-monitoring software like ScreenConnect or Pulseway, then post fraudulent listings on freight load boards under the broker's identity. Real shippers respond, hand over high-value cargo, and the load is diverted to criminal-controlled drivers. The average theft is now $273,990 - a 36% jump from 2024. Cargo theft also funds drug trafficking and money laundering, not just direct resale.