Microsoft Warns of AI Search Poisoning and Trust Abuse

Malik Haidar stands at the front lines of digital warfare, bringing a unique perspective that blends high-level threat analytics with the pragmatism of corporate business strategy. Having spent years shielding multinational infrastructures from sophisticated state-sponsored actors and profit-driven syndicates, he understands that cybersecurity is no longer just about firewalls—it is about the psychology of human trust and the cold logic of a hacker’s return on investment. In this discussion, he breaks down the alarming evolution of “AI search poisoning,” a technique where the very tools designed to help us navigate the web are being co-opted to deliver sophisticated cryptojacking payloads.

The conversation focuses on the strategic shift from broad search engine manipulation to the subversion of large language models, highlighting how threat actors are now targeting high-value hardware rather than just high volumes of users. We explore the intricate chain of infection that weaponizes legitimate system utilities and the persistent threat posed by over-privileged identities and third-party service providers. Malik explains how these modern attacks utilize legitimate management tools to bypass traditional defenses, turning a company’s own infrastructure and “assumed trust” against itself.

How has the shift from traditional search engine optimization poisoning to targeting large language model responses fundamentally changed the landscape of social engineering?

This is a total shift in the trust model we have built with technology over the last decade. Users have been trained to be skeptical of the tenth page of a Google search, but they often treat a chatbot response like a direct, curated recommendation from a knowledgeable friend. When an attacker successfully games an AI to suggest one of the more than 150 identified malicious domains, they aren’t just fighting for a ranking; they are hijacking the user’s inherent confidence in the AI’s “intelligence.” These subdomains on gleeze[.]com, managed through Dynu’s dynamic DNS, feel legitimate because the AI presents them as the definitive answer to a query. This represents the next frontier of social engineering—an automated, scalable way to make the machine do the lying for you, leading users straight into the arms of a cryptojacker without them ever suspecting a thing.

Why are these campaigns specifically mimicking high-end tools like CrystalDiskInfo and FurMark instead of general consumer software?

This is a surgical operation with a very specific business logic: they are hunting for “mining value” rather than just a high number of infections. By impersonating hardware monitoring software like HWMonitor or GPU stress tests like FurMark, the attackers ensure that the infected machine actually has the high-performance horsepower to make cryptocurrency mining profitable. It is much more lucrative for a hacker to compromise ten workstations equipped with expensive, high-end GPUs than to indiscriminately infect 1,000 standard office laptops that lack the processing power to mine efficiently. They are effectively maximizing their yield per compromised device, ensuring that the stolen electricity and hardware life they consume translate into the highest possible digital payout. It shows a sophisticated understanding of the hardware demographics they are hunting, turning a professional’s own powerful tools into a liability.

Could you walk us through the technical “handshake” that occurs once a user downloads what they believe to be a harmless utility like the K-Lite Codec Pack or PDFgear?

The deception begins with a ZIP archive that looks completely innocuous on the surface, but the “poison” is hidden in a rogue file named “autorun.dll” that gets sideloaded the moment the user launches the legitimate-looking binary. This triggers a hidden chain of events where “msiexec.exe” is used to silently install a second malicious DLL named “vcredist_x64.dll,” which is actually a packaged installer for ScreenConnect. Once ScreenConnect is active, it establishes a persistent heartbeat with an attacker-controlled server at the IP address 193.42.11[.]108. This gives the attacker a permanent, remote “backdoor” into the system, allowing them to drop the “SimpleRunPE.exe” binary which handles the actual mining execution. It’s a masterclass in using “living off the land” techniques, where the attacker uses legitimate system processes to hide their tracks and maintain a foothold.

The malware seems to have a very aggressive “self-preservation” instinct when it comes to being discovered by the user; how does that work in practice?

The “SimpleRunPE.exe” binary acts like a digital parasite that knows exactly how to play dead the moment it feels a pair of eyes on it. It constantly monitors the system’s running processes for specific strings like “taskmgr.exe” for the Windows Task Manager or “procexp.exe” for Process Explorer. If a user notices their computer fans are spinning at maximum speed and tries to investigate by opening a diagnostic tool, the malware immediately terminates the miner to drop the CPU and GPU usage back to normal. It even goes as far as re-configuring Microsoft Defender exclusions and recreating registry run keys to ensure it persists even after a reboot. This “cat and mouse” game ensures that the miner stays active only when the user isn’t looking, effectively siphoning resources in the shadows for as long as possible.
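As an added illustration of the infection chain and the self-preservation behaviour Malik describes (editor-supplied example code, not Microsoft's or the interviewee's), here is a small detector run over constructed Sysmon-style events. The C2 address, DLL names and diagnostic-tool names come from the interview; the file paths, event layout and the 10-second "hide" window are assumptions.

```python
"""Detection logic for the sideload -> msiexec -> ScreenConnect -> miner chain; events are constructed."""
from datetime import datetime, timedelta

# Indicators quoted in the interview; registry paths are the standard Windows locations.
C2_IPS = {"193.42.11.108"}
SIDELOADED_DLLS = {"autorun.dll", "vcredist_x64.dll"}
DIAG_TOOLS = {"taskmgr.exe", "procexp.exe"}
WATCHED_KEYS = ("\\windows defender\\exclusions\\", "\\currentversion\\run\\")

def _base(path):
    return path.lower().rsplit("\\", 1)[-1]

def detect(events, window_s=10):
    """Return (rule, detail) alerts; ids follow Sysmon (1 create, 3 net, 5 exit, 7 load, 13 registry)."""
    alerts, diag_starts = [], []
    for e in events:
        eid, t, base = e["id"], datetime.fromisoformat(e["t"]), _base(e["image"])
        if eid == 7 and _base(e["loaded"]) in SIDELOADED_DLLS and "\\windows\\" not in e["loaded"].lower():
            alerts.append(("sideload", e["loaded"]))          # DLL sitting next to the downloaded binary
        if eid == 1 and base == "msiexec.exe" and "vcredist_x64.dll" in e.get("cmd", "").lower():
            alerts.append(("msiexec-dll-install", e["cmd"]))  # installer disguised as a runtime DLL
        if eid == 3 and e["dst"] in C2_IPS:
            alerts.append(("c2-beacon", f"{base} -> {e['dst']}"))
        if eid == 13 and any(k in e["key"].lower() for k in WATCHED_KEYS):
            alerts.append(("persistence", e["key"]))          # Defender exclusion or Run key written
        if eid == 1 and base in DIAG_TOOLS:
            diag_starts.append((t, base))
        if eid == 5:  # a process that exits right after Task Manager / Process Explorer opens
            for dt, tool in diag_starts:
                gap = (t - dt).total_seconds()
                if 0 <= gap <= window_s:
                    alerts.append(("hides-from-tool", f"{base} exited {int(gap)}s after {tool}"))
    return alerts

# Constructed sample (assumed paths): sideload -> msiexec -> beacon -> persistence -> miner hides
SAMPLE_EVENTS = [
    {"id": 7, "t": "2025-01-10T09:00:00", "image": r"C:\Users\victim\Downloads\setup.exe",
     "loaded": r"C:\Users\victim\Downloads\autorun.dll"},
    {"id": 1, "t": "2025-01-10T09:00:02", "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r"msiexec.exe /i C:\Users\victim\AppData\Local\Temp\vcredist_x64.dll /qn"},
    {"id": 3, "t": "2025-01-10T09:00:05", "image": r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe",
     "dst": "193.42.11.108"},
    {"id": 13, "t": "2025-01-10T09:00:06", "image": r"C:\Windows\System32\powershell.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData\svc"},
    {"id": 13, "t": "2025-01-10T09:00:07", "image": r"C:\Windows\System32\reg.exe",
     "key": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\SimpleRunPE"},
    {"id": 1, "t": "2025-01-10T09:30:00", "image": r"C:\Windows\System32\Taskmgr.exe"},
    {"id": 5, "t": "2025-01-10T09:30:01", "image": r"C:\ProgramData\svc\SimpleRunPE.exe"},
]
```

Calling `detect(SAMPLE_EVENTS)` yields one alert per stage of the chain, ending with the miner exiting one second after Task Manager was launched; the exit-after-tool rule is the one worth tuning, since it also fires on benign processes that happen to close in the window.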

We also saw a separate incident involving an F5 BIG-IP firewall and a Confluence server—how does this illustrate the danger of lateral movement once a hacker gets inside?

That specific incident shows how an initial point of entry, like a firewall appliance, can be the springboard for much more dangerous activity than simple mining. The threat actor used a Python script to set up a custom FTP server on a compromised Linux host, which they then used to move tools onto an internal Atlassian Confluence server. Even when their initial attempts to use remote code execution flaws failed, they simply pivoted to credential theft and exploited CVE-2025-33073 to perform Kerberos relay attacks. This is the nightmare scenario for any CISO: an attacker moving laterally through the network, gaining higher and higher levels of authentication until they reach the Active Directory. It proves that what starts as a resource-theft operation can quickly evolve into a full-scale data breach or ransomware event if the lateral movement isn’t caught.

What is the “invisible risk” associated with over-privileged identities and the relationships companies have with their third-party IT providers?

The invisible risk is what I call “assumed trust,” where we stop verifying the actions of accounts simply because they look legitimate or belong to a trusted partner. In the observed cases, threat actors were able to maintain access to Linux servers for long periods simply by using a privileged account with sudo rights that were far beyond what was necessary for the job. Similarly, when hackers compromise a third-party IT service provider, they can leverage the provider’s management tools to anchor themselves inside a client’s environment. These tools and accounts often bypass security checks because they are seen as “part of the team,” creating massive enforcement gaps that attackers are all too happy to exploit. Organizations need to move toward a posture of deliberate verification, where even your most trusted vendors are subjected to behavioral validation within your network.

What is your forecast for the future of AI-driven social engineering?

I believe we are entering an era where the concept of a “trusted source” will have to be completely redefined, as attackers move from poisoning search results to poisoning the actual training data and live outputs of AI models. We will likely see more personalized, “deep-research” attacks where AI agents are used to find specific individuals with high-value access and then generate perfectly tailored recommendations that lead them to malicious infrastructure. The battle will move from the perimeter of the network to the very interface of how we consume information. In the next few years, the most successful defenders will be those who implement “zero trust” not just at the network level, but at the data level, treating every AI-generated link or recommendation with the same level of scrutiny as a random email from an unknown sender. The speed of AI-driven delivery means our detection systems must move from being reactive to being predictive, identifying malicious subdomains like those gleeze[.]com subnets before they are even suggested to a user.
