- McAfee Unveils GenAI-Powered Cryptojacking Campaign
- Fake apps spread ~50 variants via 1,700+ repositories on Discord, SourceForge, and more
- Attackers mine Monero, Ravencoin, Zephyr and others; profit estimated at $13,500+
Security researchers at McAfee uncovered a large malware campaign that leveraged Generative Artificial Intelligence (GenAI) to infect as many people as possible with cryptocurrency miners.
In an in-depth report published last week, the cybersecurity outfit explained that someone has been creating fake software: AI image generators, voice-changing tools, stock trading tools, game mods, VPNs and more. They discovered nearly 50 different variants distributed in more than 1,700 .ZIP archives. These variants are not fully vibe-coded, but parts appear to have been generated with AI:
“The presence of explanatory comments and structured sections strongly indicates the use of LLM models to generate this code,” McAfee explained. The attackers are most likely using AI to speed up the process, scale the campaign and diversify the code to better bypass antivirus and anti-malware solutions.
Mining of Bitcoin, Monero and others
These tools are distributed through various legitimate content delivery network (CDN) services and file-hosting sites, including Discord, SourceForge, FOSSHub, and MediaFire. McAfee also mentioned mydophiles[dot]com. So far, the researchers have discovered more than 100 URLs that are actively spreading the malware – with the majority (61) found on Discord. There were 17 on SourceForge and 15 on mydofiles[dot]com.
The victims are infected with so-called “cryptojackers”. These are programs that “hijack” the device to mine various cryptocurrencies for the attackers. The most popular cryptojacker out there is called XMRig, which is often found on servers in data centers and mines the privacy-oriented token, Monero.
In this case, the attackers are also mining other coins, including Ravencoin, Zephyr, Bitcoin Gold, Ergo, and Clore.
McAfee found the Bitcoin wallet address and discovered that the attackers made at least $4,500 that way. “Since most of the mining activities are directed at privacy-focused cryptocurrencies such as Zephyr, Ravencoin, and Monero, the real financial impact is likely to be almost double the amount identified through Bitcoin tracking alone,” the researchers concluded, suggesting that the attackers earned at least $13,500 so far.



