Friday, November 25th 2022
MSI Afterburner Laced with Malware Circulating in the Wild
MSI Afterburner is arguably the most popular graphics card overclocking utility, and the best place to find it is the MSI website. There are several other sites that redistribute the utility, many of them are trustworthy PC enthusiast tech publications; but some of them are not. There are some dubious websites that are using SEO techniques and ad-placements to find their way into online search results, appearing to be download mirrors for MSI Afterburner. While some of these sites are just in it for some web-traffic ad revenue, others downright spoof the MSI website (i.e. are visual clones), and host redistributables of Afterburner, only these have a more sinister motive—to infect you with malware.
Cybersecurity researchers at Cyble identified such spoof websites that are visually identical to the MSI website; which host modified versions of the Afterburner software laced with malware. This malware can infect your PC with a multitude of bad stuff, including cryptojacking (using your PC's system resources to mine cryptocurrency for the attacker); and data-theft. Cyble deconstructed the malware-laced Afterburner installer in a bid to identify its nature. Apparently it uses Monero XMR miner software to mine cryptocurrency. Apparently the attacker repackaged Afterburner into a custom installer that, in addition to installing Afterburner, fetches XMR miner from the Internet and infects Windows Explorer (explorer.exe) with a cryptojacking payload. The easiest way to avoid this is sticking to known sources such as the MSI website (www.msi.com); or known websites authorized to redistribute Afterburner. If infected, SFC (system file checker), coupled with Windows Defender or other popular antivirus software should help.
Sources:
Cyble, HotHardware
Cybersecurity researchers at Cyble identified such spoof websites that are visually identical to the MSI website; which host modified versions of the Afterburner software laced with malware. This malware can infect your PC with a multitude of bad stuff, including cryptojacking (using your PC's system resources to mine cryptocurrency for the attacker); and data-theft. Cyble deconstructed the malware-laced Afterburner installer in a bid to identify its nature. Apparently it uses Monero XMR miner software to mine cryptocurrency. Apparently the attacker repackaged Afterburner into a custom installer that, in addition to installing Afterburner, fetches XMR miner from the Internet and infects Windows Explorer (explorer.exe) with a cryptojacking payload. The easiest way to avoid this is sticking to known sources such as the MSI website (www.msi.com); or known websites authorized to redistribute Afterburner. If infected, SFC (system file checker), coupled with Windows Defender or other popular antivirus software should help.
80 Comments on MSI Afterburner Laced with Malware Circulating in the Wild
I think this happened before, agessssss ago if it did.
People that have malware either do it intentionally or are completely stupid and should have their devices and computer taken away like...I was gonna say "like some little kid" but then it dawned on me (no crack of Dawn jokes please), its prolly little kids getting the malware and the parents reporting it. This makes the parents just as stupid for not teaching the kids properly.
Edit: And if you modify the installer, the signature is invalidated, which raises the question: do these modified installers carry a proper signature?
Tip: Adblock + Ublock at the same time.
What a whack job.
You block those. But also other partners. Its a shame we came to this point but really you cant trust the majority of these advertisement platforms anymore.
You could literally have a popup say "Clicking YES will install a virus. Do you wish to continue?" And they'll just click on YES.
Best you can do is try to keep people informed.
Yeah duckduckgo and start page work just fine at finding msi's website on top
Start page being the best of course at finding all legitimate download site :cool:
Even found bleeping computers article :laugh:
laced with...makes me think of fentanyl btw
The situation described in this article is exactly why adblockers are so important and critical. It does not matter that things like this happen once in a while, they happen and such is unacceptable. We can't count on the likes of big corporations(not just Google, these kinds of things happen on microsoft's own Bing search frequently as well) to protect us, that responsibility is our own. AdBlockers and other privacy & security tools are critical to the general public protecting itself.Agreed. UBlock is excellent, but it's not the only good adblocker out there.Also agree with this point. TPU is one of the few places on the net that is actually ad safe. W1zzard takes personal pride in this place and actually cares about the visitors, audience and forum users.
Half the site must be ads by now, I pity the poor souls who don't know about adblockers yet.
"msl aftenburner" and "mci" are there lol, and it works on any crd! gives you coplete control!
Is this because I'm using a Pixel device in Google's environment so I'm not getting ads? I don't use adblockers.
I am *so* jumping ship.