If your system has been running sluggishly, you should check if you have the legit version of MSI Afterburner. Cyble Intelligence and Research Lab (CRIL) has recently uncovered a phishing campaign to infect gamers with cryptocurrency miners and information stealers through fake MSI Afterburner software. The firm has identified around 50 phony websites over the past three months.
MSI Afterburner is one of the more popular graphics card utilities for monitoring, tweaking, and overclocking the best graphics cards on the market. Therefore, it doesn't come as a shock that threat actors are impersonating MSI's software. It's not the first time that perpetrators have targeted MSI Afterburner, either. MSI detected a similar incident last year. However, it would seem that the threat actors are back at it again now that Nvidia is rolling out its GeForce RTX 40-series graphics cards and AMD is on the brink of unleashing the Radeon RX 7900-series products. The criminals couldn't find a better time to set up shop.
The modus operandi consists of distributing the malware through phishing emails, online advertisements, forums, and other mediums. The phishing websites look precisely like MSI's official Afterburner download page. You can spot fraud by looking at the domain names. Cyble has identified some of the fake domains, such as msi-afterburner-download.site, msi-afterburner.download and mslafterburners.com. Some are already offline, but more are bound to show up.
The malware infects the victim's system with an XMR miner that stealthily connects to a mining pool to harvest Monero. Meanwhile, the program simultaneously steals the hijacked user's sensitive information like computer name, username, and other data.
If you just got a brand new graphics card or need to redownload MSI Afterburner, remember to get it from MSI's website and avoid third-party distributors. If you're using Google, look at the website's URL carefully before clicking.
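The domain check described above can be automated for links pulled from e-mail, ads or forum posts. The following is an added example, not code from Cyble or MSI; it assumes msi.com is the only official domain, and the function names and matching heuristics are illustrative.

```python
import re
from urllib.parse import urlsplit

# Assumption: msi.com is the only registrable domain treated as official here.
OFFICIAL_DOMAINS = {"msi.com"}
# Look-alike characters folded before matching ("l" or "1" standing in for "i").
LOOKALIKES = str.maketrans({"l": "i", "1": "i"})


def hostname(url: str) -> str:
    """Return the lowercase host of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed bracketed host
        return ""


def classify(url: str) -> str:
    """Label a link as official, impersonation, unrelated or invalid."""
    host = hostname(url)
    if not host:
        return "invalid"
    # Official only if the host IS the domain or ends with ".<domain>";
    # a substring test would accept msi.com.downloads.example.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    folded = host.translate(LOOKALIKES)
    tokens = re.split(r"[.-]", folded)
    if "msi" in tokens or "afterburner" in folded:
        return "impersonation"
    return "unrelated"


# Sample input: the three domains named in the article plus constructed URLs.
SAMPLES = [
    "https://www.msi.com/",
    "msi-afterburner-download.site",
    "msi-afterburner.download",
    "mslafterburners.com",
    "https://msi.com.downloads.example/setup",  # constructed
    "https://example.org/",                      # constructed
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):13}  {url}")
```

A result of "impersonation" is a triage signal for review or blocking, not proof that a site serves malware.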
The Windows key resellers, I get why some would go to them, but Afterburner is already free...
Me: "Type 'www.teamviewer.com' into your browser address bar and press enter."
Me: "You should see a blue screen with a black 'Download for free' button in the middle-left."
Dad: "I don't see anything like that."
Me: "Um, what browser are you using?"
What's really hard is that he used to be at least somewhat competent on computers. He was one of the first computer guys back in the 60s! Worked for IBM for a while, also did AS400 consulting for 20 or so years. These days, at 87, he's very much slowing down and getting into the senile stages of life.
Just a reminder that while analytics may be something we dislike about companies, they do help protect against sketchy stuff.
4th link fake.
When I search 'msi afterburner download', I get this:
3rd and 7th are sus.
¯\(ツ)/¯ What am I doing wrong?