Friday, November 25th 2022
![MSI - Micro-Star International](https://tpucdn.com/images/news/msi-v1716927570102.png)
MSI Afterburner Laced with Malware Circulating in the Wild
MSI Afterburner is arguably the most popular graphics card overclocking utility, and the best place to find it is the MSI website. Several other sites redistribute the utility; many of them are trustworthy PC enthusiast tech publications, but some of them are not. Some dubious websites use SEO techniques and ad placements to find their way into online search results, appearing to be download mirrors for MSI Afterburner. While some of these sites are just in it for some web-traffic ad revenue, others downright spoof the MSI website (i.e. are visual clones) and host redistributables of Afterburner, only these have a more sinister motive—to infect you with malware.
Cybersecurity researchers at Cyble identified such spoof websites, visually identical to the MSI website, which host modified versions of the Afterburner software laced with malware. This malware can infect your PC with a multitude of bad stuff, including cryptojacking (using your PC's system resources to mine cryptocurrency for the attacker) and data theft. Cyble deconstructed the malware-laced Afterburner installer in a bid to identify its nature. Apparently it uses Monero XMR miner software to mine cryptocurrency: the attacker repackaged Afterburner into a custom installer that, in addition to installing Afterburner, fetches the XMR miner from the Internet and infects Windows Explorer (explorer.exe) with a cryptojacking payload. The easiest way to avoid this is sticking to known sources such as the MSI website (www.msi.com) or known websites authorized to redistribute Afterburner. If infected, SFC (System File Checker), coupled with Windows Defender or other popular antivirus software, should help.
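As an added defender-side example, not code from the article, Cyble or MSI: two PowerShell checks that follow from the advice above, one that refuses an installer unless it was fetched from an allowlisted host and carries a valid Authenticode signature from the expected signer, and one that lists explorer.exe instances holding established outbound TCP sessions, which is what an injected miner would need. The trusted-host list, the expected signer pattern and the download path are assumptions; the real signing subject must be confirmed from the vendor.

```powershell
# Added example (not from the article or from MSI/Cyble). Hosts, signer pattern
# and path below are assumptions; confirm the vendor's signing subject out of band.

function Test-TrustedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $SourceUrl,
        # Assumed allowlist: the hosts the article names as legitimate sources.
        [string[]] $TrustedHosts = @('www.msi.com', 'msi.com'),
        # Placeholder pattern for the vendor's certificate subject (assumption).
        [string] $ExpectedSignerPattern = 'Micro-Star'
    )
    $problems = @()

    # 1. Origin check: a visual clone of msi.com still lives on a different host name.
    if ($SourceUrl) {
        $hostName = ([uri]$SourceUrl).Host.ToLowerInvariant()
        if ($TrustedHosts -notcontains $hostName) {
            $problems += "download host '$hostName' is not on the trusted list"
        }
    }

    # 2. Authenticode check: a repackaged installer cannot carry the vendor's valid signature.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status is '$($sig.Status)'"
    } elseif ($sig.SignerCertificate.Subject -notmatch $ExpectedSignerPattern) {
        $problems += "signed by unexpected subject '$($sig.SignerCertificate.Subject)'"
    }

    [pscustomobject]@{ Path = $Path; Trusted = ($problems.Count -eq 0); Problems = $problems }
}

function Get-SuspiciousExplorer {
    # Established outbound sessions from explorer.exe are uncommon; treat hits as a
    # lead to investigate (process CPU time, remote endpoint), not as proof by themselves.
    foreach ($p in (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
        $conns = Get-NetTCPConnection -OwningProcess $p.Id -State Established -ErrorAction SilentlyContinue |
                 Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$)' }
        if ($conns) {
            [pscustomobject]@{
                Pid     = $p.Id
                CpuSecs = $p.CPU
                Remotes = @($conns | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" })
            }
        }
    }
}

# Usage (assumed local path; the URL is the MSI landing page quoted in the comments):
Test-TrustedInstaller -Path "$env:USERPROFILE\Downloads\MSIAfterburnerSetup.exe" `
    -SourceUrl 'https://www.msi.com/Landing/afterburner/graphics-cards'
Get-SuspiciousExplorer
```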
Sources:
Cyble, HotHardware
80 Comments on MSI Afterburner Laced with Malware Circulating in the Wild
Global MSI Page...
www.msi.com/Landing/afterburner/graphics-cards
Jokes aside, I don't understand people who even today download stuff from shady sites. I get my stuff either from the official sites or from Cnet or similar well-known sites.
IMO it's long long past time the government intervenes in google's search monopoly. Either google needs to be split up or they need to agree to a set of rules in regards to ads, data collection, marketplace competition, and more.
It's official sites or not at all, that's what should be taught here. Advanced? :p
But funny thing back when I had my HD 7950 - Afterburner crashed my whole system and the card was from MSI itself! Switched to Sapphire Trixx (which is based on the same software) and it worked like magic. :)
(also - the card was a beast: OC'ed from Core 800 / Mem. 1200 to 1200/1700, got ~40% more performance in games and it was not its limit!)
Ah, better :-D
Also, this is why I always say that Nvidia should and must include a tuning tool in their drivers just like AMD and Intel do. :shadedshu:
It's said that Google pays Adblock to pass through acceptable ads. But the same acceptable ads is exactly what this whole thread is about.
There are a few key advantages to using an adblocker:
- Cleaner websites
- Faster rendering
- Less overhead or CPU Cycles needed
- Safer browsing!
The downside to this is:
- Less revenue for websites and provider(s), hence why newspapers now all head to a pay subscription model
Also, people using these toolbars to verify a website's trustworthiness etc.; it's all garbage and intended as mass data collection on the sites you on average visit. I stopped running an antivirus 3 years ago. Once in a while I do a scan, but if you just use your common sense really nothing bad can happen. For mobile phones I suggest Adguard.
1. Drivers I can understand, but there are tools like Snappy Driver Installer (and DriverPack Solution in the past, when it used to not install bloatware) that make life many times easier for people who, say for example, perform Windows installs for people on a very frequent basis, like 4-5 times per day. Of course said tools would also have their own official sources to download them from; after that everything else is a risk.
2. 3rd party tools are often much more functional and thorough than the baked-in alternatives.
- the DDU example is massively wrong - I use it in my line of work very often to fix people's mess when they've downloaded and installed driver upon driver upon driver and wondered (like you said) why they have many performance (or other) issues. So far I've only once or twice used it to clean up the Realtek HD Audio driver, and it did the job. But for graphics drivers this tool is a must. Clean Windows 10/11 install or just installing a new driver/cleaning leftovers from old drivers.
- my own example would be abbodi1406's Visual C++ and DirectX repacks - both are a fraction of the total size of the official download (~30MB each repack vs ~100MB for DirectX alone and maybe the same if not more for multiple separate VC++ installers, all of which have a bunch of installer payload you don't really need), perform a cleanup before installing anything, and have switches you can use to perform specific tasks. All this made by a trusted person on a well-known trusted forum (I'm sure some here have an idea)
There are probably many positive examples to be given, I just haven't experienced the need to use some of the stuff that exists out there. After that come things like crappy bloatware/shady/malicious websites that use the name of an otherwise useful piece of software to rack up clicks and spread unwanted/harmful crap.
TL/DR: Don't lump everything under the same lame mentality of only using what the manufacturer provides. I use non-oem aluminum window hangers on my Golf Mk4 because the oem plastic ones break whenever they feel like it. People use cheap "aliexpress/ebay turbos" because buying a proper built turbo from a reputable manufacturer costs "too much" and is "unnecessary". Those are two completely different approaches to solving problems. Same with software.
Second, regarding drivers... AMD/NVIDIA and Intel should pull their heads out of their arses and make proper cherry-picked driver packages with a build bot. Intel Arc ones are 1.2GB... well that's an OS size, not a driver.
Basically you can set up your arch, OS, features and games, with the ability to sort profiles to make drivers thinner, as thin as you can... put a check mark and let a build bot assemble the precompiled packages with a signed driver. It really ain't that hard. You can compile an entire OS like that without any issues... But hey... why use your head...
They have been holding on to the driver inefficiency for so long it has become a cancer. Worst of all, Nvidia has to rely on a third party for making it usable while under/overclocking; that's absurd.
Btw, my weapons of choice are AdBlock+NoScript.
Lots of kids of different ages just click the search results. I know my kid did. The same goes for elderly people. They don't know enough or they have already forgotten something. A teenager's friend from school said download this and your gameplay gets a significant boost.
And that's it. Clickety-Click.
My mom is over 70 and she reads the news, pays her bills and so on with her laptop and mobile phone. And at least once every two months or so we go through this same conversation: something is not working like it used to, did I do something wrong and get a virus and lose my savings?
No she didn't, so far. But these things aren't so simple and easy for all of us. We may well need a little bit more understanding outside of our own bubble.
Teaching everyone we know the basics of a secure computing ethic is very important. Actively blocking any avenue of entry for those malicious in intent is also very important.
I installed ad-blockers and other stuff on my mom's laptop and gave her lessons about basic security. And that's why I get those calls, when something is not the way it used to be.