Beware of the fake MSI Afterburner that installs cryptojacking and information stealing malware.

In short: If you have recently downloaded MSI Afterburner, it may be wise to check your system for malware. The researchers found that a large number of websites impersonated the official MSI website in order to trick users into downloading malware along with the overclocking tool.

Cyber ​​Intelligence and Research Laboratory (CRIL) discovered several phishing campaigns using MSI Afterburner to deliver XMR (Monero) cryptomining and information stealing malware through over 50 fake replica websites.

MSI Afterburner is a free utility that allows you to overclock, monitor, test and capture videos. It works on all graphics cards, which makes it very popular among those who want to get the most out of their GPU. You can safely download it here.

But this popularity has led cybercriminals to turn to MSI Afterburner as a way to distribute malware. CRIL writes that the campaigns include phishing emails, online advertisements, and various other ways to distribute links to fake websites. Some of the domain names include,, and

Anyone who downloads and runs the fake MSI Afterburner installation file will find that the real version of the software is installed. However, the installer also adds information-stealing RedLine malware and an XMR miner to the device.

As with other cryptojacking malware, a miner that connects to a mining pool to mine Monero using a hard-coded username and password consumes a huge amount of system resources, which seriously impacts performance. Bleeping Computer writes that miner is just activated 60 minutes after the CPU went into sleep mode, so no resource-intensive programs are running on the computer. It also means that the device has probably been left unattended.

While this is happening, RedLine Stealer is running in the background, stealing passwords, cookies, browser information, and (potentially) cryptocurrency wallets.

Worst of all, the malicious elements of the campaigns are only detected by a small number of antivirus programs, so finding out that you are infected may not be as easy as running a security tool.

This is not the first time Afterburner has been used to deliver malware. Last year, MSI warned people not to visit a hacked copy of its official website that contained malware-loaded software disguised as an overclocking app.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button