Friday, May 14th 2021

MSI Warns Against Malicious Afterburner Website

MSI is informing the public of a malicious software being disguised as the official MSI Afterburner software. The malicious software is being unlawfully hosted on a suspicious website impersonating as MSI's official website with the domain name https://afterburner-msi.space. MSI has no relation with this website or the aforementioned domain.

The fraudulent website imitates MSI's official webpage appearance and design, and offers downloads for MSI's Afterburner. This webpage is hosting software which may contain virus, trojan, keylogger, or other type of malicious program that have been disguised to look like MSI Afterburner. The Public is warned not to download any software from this website!
Update May 14th: TechPowerUp Forums member silentbogo detected the host and CDN behind the malicious Afterburner app, and reported it to them. In response to these reports, the CDN, Hipolink, has deleted the accounts responsible for this, while the host, timeweb.ru, said that they are investigating this. Our Kudos to silentbogo.

MSI's official Afterburner website is not compromised and is safe to use. The Afterburner Software download link is currently closed due to routine maintenance. The software will be downloadable soon and you can find the latest version of Afterburner at https://www.msi.com/Landing/afterburner/graphics-cards.

MSI is dedicated to providing reliable products that deliver incredible user experiences. As such, we find it our responsibility to protect those who have put their trust into our dedication. We condemn the infringement on our proprietary rights and the damage it has caused to MSI's reputation. Necessary actions to remove the malicious imposter website are underway.
Add your own comment

18 Comments on MSI Warns Against Malicious Afterburner Website

#1
the54thvoid
That's a damn sneaky move. Guaranteed it's a crypto mining scam considering the target is folk dl'ing a GPU tool.
Posted on Reply
#2
AsRock
TPU addict
the54thvoidThat's a damn sneaky move. Guaranteed it's a crypto mining scam considering the target is folk dl'ing a GPU tool.
Well that was really polite hehe, again down to people clicking any thing.
Posted on Reply
#3
silentbogo
So, why is that website still up? First reports are dated may 5th. Took me all of 2 minutes to find their hoster (timeweb.ru) and CDN for malicious files(hipolink, some sort of stupid e-commerce service w/ social network integration, full of holes and potential exploits). Pretty sure MSI has a lot more sway than me writing an angry e-mail to tech support.

UPDATE:
Victory #1. Per my request Hipolink already deleted suspicious accounts.
Victory #2. Timeweb already replied that they're on it.

So, the moral of this story, kids, is - be proactive. Cause from my standpoint it looks like an equivalent of reporters filming a live robbery and telling how bad the crime rate is nowadays, before even calling the police.
Posted on Reply
#4
agentnathan009
Because it ends in “.space” it could be a chia crypto scam as one pool for Chia is planning on launching soon using .space moniker but it is a legit pool as far as I know.
Posted on Reply
#5
silentbogo
agentnathan009Because it ends in “.space” it could be a chia crypto scam as one pool for Chia is planning on launching soon using .space moniker but it is a legit pool as far as I know.
It has nothing to do with it. Gimmicky domain zones are popular, because they are always on sale or free(bundled with hosting).

UPDATE #2:
Apparently puny silentbogo with his angry emails has more power(or common sense) than multi-billion dollar corpo. Website has been taken off somewhere in-between their first reply and my trip to the office.
Posted on Reply
#6
TheDeeGee
I always download it from Guru3D.
Posted on Reply
#7
R-T-B
agentnathan009Because it ends in “.space” it could be a chia crypto scam as one pool for Chia is planning on launching soon using .space moniker but it is a legit pool as far as I know.
That's really can't be true and most likely just something you heard.

IANA would never go for assigning a zone to a crypto based registrar, at least not yet. There are crypto names, but you need to be running the wallet to view them (like namecoin as an example). This is not the problem at all.

Also Chia doesn't even use GPUs.
silentbogoIt has nothing to do with it. Gimmicky domain zones are popular, because they are always on sale or free(bundled with hosting).

UPDATE #2:
Apparently puny silentbogo with his angry emails has more power(or common sense) than multi-billion dollar corpo. Website has been taken off somewhere in-between their first reply and my trip to the office.
You are a wizzard, Harry!

Or a hairy wizzard, you pick.
Posted on Reply
#8
Caring1
Nobody questioned the fact the legit source was shut down "for maintenance" ?
Seems too much of a coincidence to me.
Posted on Reply
#9
R-T-B
Caring1Nobody questioned the fact the legit source was shut down "for maintenance" ?
Seems too much of a coincidence to me.
If you're a scammer, you don't view that as an opportunity?
Posted on Reply
#10
Caring1
R-T-BIf you're a scammer, you don't view that as an opportunity?
Yes, as would disabling the official site.
Posted on Reply
#11
btarunr
Editor & Senior Moderator
silentbogoSo, why is that website still up? First reports are dated may 5th. Took me all of 2 minutes to find their hoster (timeweb.ru) and CDN for malicious files(hipolink, some sort of stupid e-commerce service w/ social network integration, full of holes and potential exploits). Pretty sure MSI has a lot more sway than me writing an angry e-mail to tech support.

UPDATE:
Victory #1. Per my request Hipolink already deleted suspicious accounts.
Victory #2. Timeweb already replied that they're on it.

So, the moral of this story, kids, is - be proactive. Cause from my standpoint it looks like an equivalent of reporters filming a live robbery and telling how bad the crime rate is nowadays, before even calling the police.
Kudos! post updated.
Posted on Reply
#14
DeathtoGnomes
silentbogoIt has nothing to do with it. Gimmicky domain zones are popular, because they are always on sale or free(bundled with hosting).

UPDATE #2:
Apparently puny silentbogo with his angry emails has more power(or common sense) than multi-billion dollar corpo. Website has been taken off somewhere in-between their first reply and my trip to the office.
Living close enough is so much better than an email. Thank you very much for this.
Posted on Reply
#15
silentbogo
DeathtoGnomesLiving close enough is so much better than an email. Thank you very much for this.
I meant trip to my office, not their office... I'm not sure if border patrol would let me go to SPB, or just arrest on the spot :fear:
Posted on Reply
#16
Minus Infinity
They must be talking about Asus' Armoury Crate malware. :roll:
Posted on Reply
#17
mechtech
after.............burnt................
Posted on Reply
#18
Tsukiyomi91
silentbogo doing God's work. Kudos to you. The lack of intervention from MSI themselves shows how little they care about their image, like every other corpos. But they only know how to rat out when things get a little too hot.

can't say the word "corporate" with the word "rat" in it.
Posted on Reply
Add your own comment