Fake MSI Afterburner infects targets with Coin Miner, Password Stealer


If your system is running slowly, check that you have the legitimate version of MSI Afterburner installed. Cyble Intelligence and Research Laboratory (CRIL) recently uncovered a phishing campaign that uses fake MSI Afterburner software to infect gamers with cryptocurrency miners and information stealers. The company has identified about 50 fake websites over the past three months.

MSI Afterburner is one of the most popular tools for monitoring, tuning and overclocking the best graphics cards on the market. It is therefore not surprising that malicious actors are impersonating MSI's software. This is also not the first time that malefactors have targeted MSI Afterburner: MSI detected a similar incident last year. However, it looks like threat actors are coming back now that Nvidia is rolling out its GeForce RTX 40-series graphics cards and AMD is set to launch Radeon RX 7900-series products. Criminals couldn't think of a better time.

The modus operandi is to distribute the malware through phishing emails, online advertisements, forums and other channels. The phishing websites look exactly like MSI's official Afterburner download page, so the way to spot the fraud is to look at the domain name. Cyble identified some of the fake domains, such as msi-afterburner-download.site, msi-afterburner.download, and mslafterburners.com. Some are already offline, but others should appear.
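The domain check described above can be automated over proxy or DNS logs. The following Python code is an added example, not code from Cyble or MSI; it assumes msi.com is the only official domain, and the function names and the sample entries other than the three domains named in the article are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: msi.com is treated as the only official registrable domain.
OFFICIAL_DOMAINS = {"msi.com"}
# Fold characters commonly swapped in lookalikes so "msl" compares as "msi".
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o"})


def hostname(value):
    """Accept a bare host or a full URL and return the lowercase hostname."""
    if "://" not in value:
        value = "//" + value
    try:
        return (urlsplit(value).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def classify(value):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid'."""
    host = hostname(value)
    if not host:
        return "invalid"
    # Only the right-hand end of the name decides who owns it, so
    # "msi.com.downloads.example" is not an MSI host.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    folded = host.translate(CONFUSABLES)
    labels = re.split(r"[.-]", folded)
    # "afterburner" is distinctive enough to match as a substring; "msi" is
    # short, so it must be a whole label to limit false positives.
    if "afterburner" in folded or "msi" in labels:
        return "lookalike"
    return "unrelated"


def flagged(values):
    """Return the entries that use the brand outside the official domain."""
    return [v for v in values if classify(v) == "lookalike"]


# Constructed sample: the three domains named in the article plus
# constructed official, edge-case and unrelated entries.
SAMPLE = ["msi-afterburner-download.site", "https://msi-afterburner.download/",
          "mslafterburners.com", "https://www.msi.com/",
          "msi.com.downloads.example", "example.org"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{classify(entry):10} {entry}")
```

A flagged host is a candidate for review rather than a verdict, since an unaffiliated site may use the product name in its domain without being malicious.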

The malware infects the victim's system with an XMR miner that stealthily connects to a mining pool to mine Monero. At the same time, the program steals sensitive information from the compromised system, such as the computer name, username and other data.

If you just got a brand new graphics card or need to redownload MSI Afterburner, remember to get it from MSI's website and avoid third-party distributors. If you use Google, look carefully at the website URL before clicking.

