Beware of fake MSI Afterburner that installs cryptojacking and information-stealing malware

In brief: If you downloaded MSI Afterburner recently, it would be wise to check your system for malware. Researchers have discovered that numerous websites have been impersonating MSI's official site to trick users into downloading malware alongside the overclocking tool.

Cyble Research and Intelligence Labs (CRIL) found several phishing campaigns that use MSI Afterburner to deliver XMR (Monero) cryptomining and information-stealing malware through more than 50 fake replica websites.

MSI Afterburner is a free utility that lets you overclock, monitor, benchmark, and capture video. It works on all graphics cards, making it very popular with those looking to squeeze every last drop out of their GPU. You can download it safely from MSI's official website.

But that popularity has seen cybercriminals turn to MSI Afterburner as a way of distributing malware. CRIL writes that the campaigns involve phishing emails, online advertisements, and various other means of spreading links to the fake websites. Some of the domains include msi-afterburner-download.site, msi-afterburner.download, and mslafterburners.com.

Anyone who downloads and executes the fake MSI Afterburner setup file will find that the real version of the software is installed. However, the installer also adds the RedLine information-stealing malware and an XMR miner to the device.

As with other cryptojacking malware, the miner, which connects to a mining pool to mine Monero using a hardcoded username and password, consumes a huge amount of system resources, severely impacting performance. BleepingComputer writes that the miner only activates 60 minutes after the CPU has entered an idle state, so the computer will not be running any resource-intensive programs. It also means the device has most likely been left unattended.

While this is happening, the RedLine Stealer is running in the background, pilfering passwords, cookies, browser information, and (potentially) cryptocurrency wallets.

Worst of all, the campaigns' malicious components are only detected by a tiny number of antivirus programs, so discovering you've been infected won't be as simple as running a security tool.

This isn't the first time Afterburner has been used to deliver malicious programs. Last year MSI warned people not to visit a copy of its official website created by hackers, which contained a malware-loaded piece of software disguised as the overclocking app.
