Microsoft warns fake HWMonitor downloads can put your graphics card to work for miners
A fake PC utility turns a powerful GPU into someone else’s mining rig.📷 AI-generated image / TECH&SPACE
- ★Microsoft warns of a cryptojacking campaign built around users’ GPU resources.
- ★The malware is disguised as popular PC utilities such as HWMonitor and CrystalDiskInfo.
- ★SEO poisoning and AI recommendations create a new trust problem in software discovery.
Microsoft has warned about a cryptojacking campaign that does not treat passwords as the first prize, but computing power. According to Tom's Hardware, attackers pushed GPU mining malware through fake download pages posing as legitimate PC monitoring and diagnostics utilities, including HWMonitor and CrystalDiskInfo.
This is a direct attack on the habits of experienced PC users, with a newer distribution layer added on top. Instead of relying only on suspicious attachments or pirated software bundles, the campaign uses SEO poisoning: malicious pages are pushed into prominent search positions for familiar utility names. A user trying to check GPU temperatures, disk health or system stability can land on a page that looks credible enough for the download to feel routine.
The more uncomfortable part of the warning is the role of AI software recommendations in some cases. That does not mean the chatbot itself is the malware. It means the trust problem has moved: if an assistant recommends a bad link or repeats a contaminated software result, the user receives a false sense of verification. The AI answer then becomes a faster route into the same poisoned download chain.
The campaign uses SEO poisoning and occasional AI chatbot recommendations to push malware disguised as utilities such as HWMonitor and CrystalDiskInfo.
The problem starts where the user expects a routine download.📷 AI-generated image / TECH&SPACE
Gamers and high-end PC owners are especially attractive targets because they often have powerful graphics cards. Cryptojacking malware can use the GPU to mine cryptocurrency without the machine owner’s clear consent. The impact is not limited to a slower system: higher power draw, heat, fan noise and sustained hardware load can become the first practical signs that something is wrong.
The security lesson is not new, but it is sharper now. Popular tools should be downloaded from direct official pages, domains should be checked before installation, and download sites that copy a product name without matching the publisher deserve suspicion. Microsoft’s own security stack, including Microsoft Defender, is part of the detection layer, but the user’s decision about where an installer comes from remains the first line of defense.
For AI assistants, this is another test of usefulness under adversarial pressure. If a chatbot helps choose software, the answer has to be verifiable, with a direct link to the official project or publisher, not just a confident summary. The campaign Microsoft detected shows that attackers are no longer only targeting technical flaws in operating systems. They are also targeting the shortcuts people use to find software.
