Beware of fake MSI Afterburner downloads that install crypto mining and information-stealing malware

In brief: If you have recently downloaded MSI Afterburner, it would be wise to scan your system for malware. Researchers have discovered that a large number of websites are impersonating the official MSI site to trick users into downloading malware along with the overclocking tool.

Cyble Intelligence and Research Lab (CRIL) detected multiple phishing campaigns that use MSI Afterburner to deliver XMR (Monero) crypto mining and information-stealing malware via more than 50 fake replica sites.

MSI Afterburner is a free utility that allows you to overclock, monitor, benchmark and capture video. It works on all graphics cards, which makes it very popular with those looking to squeeze every last drop out of their GPU. You can download it safely here.

But such popularity made cybercriminals turn to MSI Afterburner as a way to distribute malware. CRIL writes that the campaigns include phishing emails, online advertisements, and various other means of posting links to fake websites. Some domain names include,, and

Anyone who downloads and executes the fake MSI Afterburner setup file will find that the real version of the software is installed. However, the installer also adds the RedLine information-stealing malware and an XMR miner to the device.

As with other crypto mining malware, the miner, which connects to a mining pool for Monero mining with an encrypted username and password, consumes a huge amount of system resources, which severely affects performance. Bleeping Computer writes that the miner only becomes active 60 minutes after the CPU enters idle mode, which ensures that the computer is not running any resource-intensive programs. This also means that the device has likely been left unattended.
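A detection heuristic for the idle-triggered mining described above, as an added example that is not code from CRIL, Bleeping Computer or the original article. It scans per-minute telemetry and flags processes that are CPU-heavy only after the machine has been idle for 60 minutes; the sample data is constructed, and the tuple layout, thresholds and process names are assumptions.

```python
from collections import defaultdict

IDLE_DELAY_MIN = 60   # idle delay reported in the article
HIGH_CPU = 50.0       # assumed threshold (percent) for "heavy" use
MIN_HITS = 10         # assumed: minutes of heavy use needed to flag

def find_idle_triggered(samples):
    """samples: iterable of (minute, user_active, {process: cpu_percent}).

    Returns processes that are heavy on CPU only once the machine has been
    idle for more than IDLE_DELAY_MIN minutes and never heavy otherwise.
    """
    idle_run = 0
    heavy_late_idle = defaultdict(int)   # heavy minutes after the delay
    heavy_otherwise = defaultdict(int)   # heavy minutes at any other time
    for _minute, user_active, procs in sorted(samples, key=lambda s: s[0]):
        idle_run = 0 if user_active else idle_run + 1
        bucket = heavy_late_idle if idle_run > IDLE_DELAY_MIN else heavy_otherwise
        for name, cpu in procs.items():
            if cpu >= HIGH_CPU:
                bucket[name] += 1
    return sorted(n for n, hits in heavy_late_idle.items()
                  if hits >= MIN_HITS and heavy_otherwise[n] == 0)

def build_sample():
    """Constructed telemetry: 30 active minutes, 90 idle, 10 active again."""
    samples = []
    for minute in range(130):
        active = minute < 30 or minute >= 120
        idle_for = 0 if active else minute - 29   # 1..90 during the idle run
        procs = {
            "game.exe": 85.0 if minute < 30 else 0.0,          # heavy while user plays
            "backup.exe": 70.0 if 35 <= minute < 50 else 1.0,  # runs early in idle
            "svc_update.exe": 95.0 if idle_for > 60 else 0.5,  # hypothetical name
        }
        samples.append((minute, active, procs))
    return samples

if __name__ == "__main__":
    print(find_idle_triggered(build_sample()))
```

Legitimate jobs scheduled to run on idle, such as indexing or maintenance tasks, can match the same pattern, so a hit is a triage signal to check the binary's path, signer and network connections rather than a verdict.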

While this is happening, RedLine Stealer runs in the background, stealing passwords, cookies, browser information, and (potentially) cryptocurrency wallets.

Worst of all, the malicious elements of the campaigns are only detected by very few antivirus programs, so detecting your infection may not be as easy as running a security tool.

This isn’t the first time Afterburner has been used to deliver malware. MSI warned people last year not to visit a duplicate of its official website created by hackers, which contained malware-laden software disguised as the overclocking application.
