If your system has been running sluggishly, you should check if you have the legit version of MSI Afterburner. Cyble Intelligence and Research Lab (CRIL) has recently uncovered a phishing campaign to infect gamers with cryptocurrency miners and information stealers through fake MSI Afterburner software. The firm has identified around 50 phony websites over the past three months.
MSI Afterburner is one of the more popular graphics card utilities for monitoring, tweaking, and overclocking the best graphics cards on the market. Therefore, it doesn't come as a shock that threat actors are impersonating MSI's software. It's not the first time that perpetrators have targeted MSI Afterburner, either. MSI detected a similar incident last year. However, it would seem that the threat actors are back at it again now that Nvidia is rolling out its GeForce RTX 40-series graphics cards and AMD is on the brink of unleashing the Radeon RX 7900-series products. The criminals couldn't find a better time to set up shop.
The modus operandi consists of distributing the malware through phishing emails, online advertisements, forums, and other mediums. The phishing websites look precisely like MSI's official Afterburner download page. You can spot fraud by looking at the domain names. Cyble has identified some of the fake domains, such as msi-afterburner-download.site, msi-afterburner.download and mslafterburners.com. Some are already offline, but more are bound to show up.
The malware infects the victim's system with an XMR miner that stealthily connects to a mining pool to harvest Monero. At the same time, the program steals sensitive information from the hijacked user's system, such as the computer name, username, and other data.
If you just got a brand new graphics card or need to redownload MSI Afterburner, remember to get it from MSI's website and avoid third-party distributors. If you're using Google, look at the website's URL carefully before clicking.
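The domain check described above (spot the fraud by the domain name, read the URL before clicking) can be automated over proxy or DNS logs. The following is an added example, not code from Cyble or MSI; it assumes msi.com is the only official domain, and the function names and the non-article sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: msi.com is the only registrable domain treated as official here.
OFFICIAL_DOMAINS = {"msi.com"}
# Fold common look-alike characters; "mslafterburners.com" swaps "l" for "i".
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o", "4": "a", "3": "e"})


def hostname_of(url: str) -> str:
    """Return the lower-cased hostname of a URL or bare host string."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a netloc
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for one URL."""
    host = hostname_of(url)
    # Official only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    folded = host.translate(CONFUSABLES)
    labels = re.split(r"[.-]", folded)
    # Product name anywhere in the host, or a label that reads as "msi".
    if "afterburner" in folded or "msi" in labels:
        return "lookalike"
    return "unrelated"


# Constructed sample input: the three domains named in the article plus
# made-up control cases (example.net / example.org are reserved names).
SAMPLE_URLS = [
    "msi-afterburner-download.site",
    "msi-afterburner.download",
    "https://mslafterburners.com/download",
    "http://msi.com.example.net/afterburner",
    "https://www.msi.com/",
    "https://example.org/news",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):10} {u}")
```

The suffix match on the full hostname is what keeps a host such as msi.com.example.net from passing as official, which a plain substring search for "msi.com" would miss.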