Beware of fake MSI Afterburner that installs cryptojacking and information-stealing malware
In brief: If you downloaded MSI Afterburner recently, it would be prudent to check your system for malicious software. Researchers have discovered that many websites have been impersonating MSI's official site to trick users into downloading malware alongside the overclocking software.
Cyble Intelligence and Research Lab (CRIL) found several phishing campaigns that use MSI Afterburner to deliver XMR (Monero) cryptomining and information-stealing malware through more than 50 fake replica websites.
MSI Afterburner is a free utility that lets you overclock, monitor, benchmark, and capture video. It works with all graphics cards, making it very popular with those looking to squeeze every last drop out of their GPU. You can download it safely here.
But that popularity has seen cybercriminals turn to MSI Afterburner as a means of distributing malware. CRIL writes that the campaigns involve phishing emails, online advertisements, and various other means of spreading links to the fake websites. Some of the domains include msi-afterburner-download.site, msi-afterburner.download, and mslafterburners.com.
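The three domains above share a pattern: the vendor's brand name, sometimes with a lowercase "l" swapped for "i" (mslafterburners), under a top-level domain MSI does not use. The following is an added example, not code from the article or from Cyble, of a simple lookalike check a defender could run over proxy logs or download URLs; it assumes msi.com is the vendor's genuine domain, and the homoglyph table and test inputs are constructed.

```python
import re
from urllib.parse import urlparse

# Assumption: msi.com (and its subdomains) is the vendor's real domain.
LEGIT_DOMAINS = ("msi.com",)

# Constructed homoglyph table: characters commonly substituted to fool the eye.
# The "l" -> "i" swap is the trick used in mslafterburners.com.
HOMOGLYPHS = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})

BRAND_TERMS = ("msi", "afterburner")


def hostname_of(url_or_host: str) -> str:
    """Return the lowercase hostname from a URL or bare hostname."""
    target = url_or_host if "://" in url_or_host else "//" + url_or_host
    return (urlparse(target).hostname or "").strip(".")


def is_legit(host: str) -> bool:
    """True if host is the vendor's domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def is_lookalike(url_or_host: str) -> bool:
    """Flag hostnames that carry the brand name but are not the vendor's domain.

    Every label except the TLD is checked, so "msi.com.evil.example" is caught
    even though it begins with the genuine name. Labels are normalised through
    the homoglyph table first, then split on hyphens/underscores so that a
    token must start with "msi" (avoiding hits on e.g. "emsisoft").
    """
    host = hostname_of(url_or_host)
    if not host or is_legit(host):
        return False
    labels = host.translate(HOMOGLYPHS).split(".")[:-1]  # drop the TLD
    for label in labels:
        for token in re.split(r"[-_]", label):
            if token.startswith("msi") or "afterburner" in token:
                return True
    return False
```

Treat a hit as a trigger for review rather than proof of malice: the check is intentionally broad and will also flag unrelated domains that legitimately mention the product.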
Anyone who downloads and runs the fake MSI Afterburner setup file will find that the real version of the software is installed. However, the installer also adds the RedLine information-stealing malware and an XMR miner to the machine.
As with other cryptojacking malware, the miner, which connects to a mining pool to mine Monero using a hardcoded username and password, consumes a huge amount of system resources, severely impacting performance. Bleeping Computer writes that the miner only activates 60 minutes after the CPU has entered an idle state, so the computer is not running any resource-intensive programs. It also means the machine has probably been left unattended.
While this is happening, the RedLine Stealer is running in the background, pilfering passwords, cookies, browser data, and (potentially) cryptocurrency wallets.
Worst of all, the campaigns' malicious components are detected by only a tiny number of antivirus programs, so discovering that you have been infected won't be as easy as running a security tool.
This isn't the first time Afterburner has been used to deliver malicious programs. MSI last year warned people not to visit a replica of its official website created by hackers, which contained a malware-laden piece of software disguised as the overclocking app.