MSI Afterburner: Fake websites with malicious version of GPU tool

According to a report by security researchers at Cyble Intelligence and Research Lab (CRIL), a phishing campaign was recently launched uncovered, which aims to smother gamers with cryptocurrency miners and information theft through modified versions of MSI Afterburner. According to its own statements, the CRIL was able to identify around 50 fake websites offering a defective version of the software in the last three months.

It attempts to spread the malware through phishing emails, online advertisements, forums, and other media. The phishing websites therefore look exactly like the official MSI download page, which is why the URL and domain name should be checked carefully when downloading. The CRIL also named some of the fake domains, like “msi-afterburner-download.site”, “msi-afterburner.download” or “mslafterburners.com”. Some of them are said to be offline by now.

MSI Afterburner: Fake wants mining and data theft

The malware infects the victim’s system with an XMR miner that secretly connects to a mining pool to mine the cryptocurrency Monero. Meanwhile, the program steals the hijacked user’s sensitive information such as computer name, username and other data at the same time.

Accordingly, you should check whether an original version of MSI Afterburner is being used or if possible only download it from the official MSI website instead of from third-party providers. MSI itself uncovered similar incidents in connection with the Afterburner last year. Noisy Tomshardware.com The release of Nvidia’s Geforce RTX 40 series and AMD’s upcoming Radeon RX 7000 generation and the associated interest are likely to have caused the increased distribution of this type of malware.