Cyble Intelligence & Research Lab security experts discovered several phishing campaigns targeting users of MSI Afterburner software. The malware uses the program to mine Monero.
MSI Afterburner is used to push the performance of graphics cards to their limits. It also allows you to monitor the system temperature or even adjust the fan speed of your GPU. In other words, it’s a very complete application that is favored by gamers. This software is therefore a target of choice for hackers, who see in it an ideal Trojan horse to access the PC of their potential victims.
To read – Radeon RX 7900: stocks will be much higher than those of the RTX 4090
Malware spotted by Cyble masquerades as MSI Afterburner. Once installed, it steals your personal data and hijacks your computer resources to collect Monero and send it to a remote server. In effect, the malware works alongside the legitimate version of Afterburner. The bogus program is hosted on bogus MSI site created by cyber criminals.
Hackers Add Monero Mining Features to MSI Afterburner
According to analysts, no less than 50 Fake MSI Sites Have Been Created to help distribute the malware. Hackers promote it through phishing email campaigns, specialized forums or even online advertisements. Although the sites in question bear a strong resemblance to the real MSI site, it is quite easy to spot them. Domain names are most often suspect. Cyble thus cites URLs such as mslafterburners.com, msi-afterburner.download or even msi-afterburner-download.site.
The timing of this phishing campaign is no coincidence. Nvidia has just formalized its new graphics cards, the RTX 4080 and RTX 4090, and AMD is about to unveil its Radeon RX 7900s. Many buyers will soon equip themselves, and probably use MSI Afterburner to draw the quintessence of their material. Be sure to only download your software from the manufacturer’s site, or at the very least from a trusted source.
Source: Tom’s Hardware