- McAfee uncovers GenAI-powered cryptojacking campaign
- Fake apps spread ~50 variants via 1,700+ archives on Discord, SourceForge, and more
- Attackers mine Monero, Ravencoin, Zephyr, and others; profits estimated at $13,500+
Security researchers at McAfee have uncovered a major malware campaign that leverages Generative Artificial Intelligence (GenAI) to infect as many people as possible with cryptocurrency miners.
In an in-depth report published last week, the cybersecurity outfit explained that someone has been creating fake software: AI image generators, voice-changing tools, stock-market trading utilities, game mods, VPNs, and more. The researchers discovered almost 50 different variants, distributed in more than 1,700 .ZIP archives. These variants have not been entirely vibe-coded, but parts seem to have been generated with AI:
“The presence of explanatory comments and structured sections strongly indicates the use of LLM models to generate this code,” McAfee explained. The attackers are most likely using AI to speed up the process, scale the campaign, and diversify the code in order to better bypass anti-virus and anti-malware solutions.
Mining Bitcoin, Monero, and others
These tools are being distributed through various legitimate content delivery network (CDN) services and file-hosting websites, including Discord, SourceForge, FOSSHub, and MediaFire. McAfee also mentioned mydofiles[dot]com. So far, the researchers discovered more than 100 URLs actively spreading the malware – with the majority (61) found on Discord. There were 17 on SourceForge, and 15 on mydofiles[dot]com.
The victims are being infected with so-called “cryptojackers”. These are programs that “hijack” the device to mine various cryptocurrencies for the attackers. The most popular cryptojacker out there is called XMRig, which is often found on servers in data centers, and which mines the privacy-oriented token, Monero.
In this case, the attackers are mining other coins as well, including Ravencoin, Zephyr, Bitcoin Gold, Ergo, and Clore.
McAfee found the wallet address for Bitcoin and discovered that the attackers made at least $4,500 that way. “Since most of the mining activity targets privacy-focused cryptocurrencies such as Zephyr, Ravencoin and Monero, the real financial impact is likely to be nearly double the amount identified through Bitcoin tracing alone,” the researchers concluded, hinting that the attackers made at least $13,500 so far.



