• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

MSI Warns Against Malicious Afterburner Website

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,878 (7.38/day)
Location
Dublin, Ireland
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard Gigabyte B550 AORUS Elite V2
Cooling DeepCool Gammax L240 V2
Memory 2x 16GB DDR4-3200
Video Card(s) Galax RTX 4070 Ti EX
Storage Samsung 990 1TB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
MSI is informing the public of a malicious software being disguised as the official MSI Afterburner software. The malicious software is being unlawfully hosted on a suspicious website impersonating as MSI's official website with the domain name https://afterburner-msi.space. MSI has no relation with this website or the aforementioned domain.

The fraudulent website imitates MSI's official webpage appearance and design, and offers downloads for MSI's Afterburner. This webpage is hosting software which may contain virus, trojan, keylogger, or other type of malicious program that have been disguised to look like MSI Afterburner. The Public is warned not to download any software from this website!



Update May 14th: TechPowerUp Forums member silentbogo detected the host and CDN behind the malicious Afterburner app, and reported it to them. In response to these reports, the CDN, Hipolink, has deleted the accounts responsible for this, while the host, timeweb.ru, said that they are investigating this. Our Kudos to silentbogo.

MSI's official Afterburner website is not compromised and is safe to use. The Afterburner Software download link is currently closed due to routine maintenance. The software will be downloadable soon and you can find the latest version of Afterburner at https://www.msi.com/Landing/afterburner/graphics-cards.

MSI is dedicated to providing reliable products that deliver incredible user experiences. As such, we find it our responsibility to protect those who have put their trust into our dedication. We condemn the infringement on our proprietary rights and the damage it has caused to MSI's reputation. Necessary actions to remove the malicious imposter website are underway.

View at TechPowerUp Main Site
 
That's a damn sneaky move. Guaranteed it's a crypto mining scam considering the target is folk dl'ing a GPU tool.
 
That's a damn sneaky move. Guaranteed it's a crypto mining scam considering the target is folk dl'ing a GPU tool.


Well that was really polite hehe, again down to people clicking any thing.
 
So, why is that website still up? First reports are dated may 5th. Took me all of 2 minutes to find their hoster (timeweb.ru) and CDN for malicious files(hipolink, some sort of stupid e-commerce service w/ social network integration, full of holes and potential exploits). Pretty sure MSI has a lot more sway than me writing an angry e-mail to tech support.

UPDATE:
Victory #1. Per my request Hipolink already deleted suspicious accounts.
Victory #2. Timeweb already replied that they're on it.

So, the moral of this story, kids, is - be proactive. Cause from my standpoint it looks like an equivalent of reporters filming a live robbery and telling how bad the crime rate is nowadays, before even calling the police.
 
Last edited:
Because it ends in “.space” it could be a chia crypto scam as one pool for Chia is planning on launching soon using .space moniker but it is a legit pool as far as I know.
 
Because it ends in “.space” it could be a chia crypto scam as one pool for Chia is planning on launching soon using .space moniker but it is a legit pool as far as I know.
It has nothing to do with it. Gimmicky domain zones are popular, because they are always on sale or free(bundled with hosting).

UPDATE #2:
Apparently puny silentbogo with his angry emails has more power(or common sense) than multi-billion dollar corpo. Website has been taken off somewhere in-between their first reply and my trip to the office.
 
I always download it from Guru3D.
 
Because it ends in “.space” it could be a chia crypto scam as one pool for Chia is planning on launching soon using .space moniker but it is a legit pool as far as I know.
That's really can't be true and most likely just something you heard.

IANA would never go for assigning a zone to a crypto based registrar, at least not yet. There are crypto names, but you need to be running the wallet to view them (like namecoin as an example). This is not the problem at all.

Also Chia doesn't even use GPUs.

It has nothing to do with it. Gimmicky domain zones are popular, because they are always on sale or free(bundled with hosting).

UPDATE #2:
Apparently puny silentbogo with his angry emails has more power(or common sense) than multi-billion dollar corpo. Website has been taken off somewhere in-between their first reply and my trip to the office.
You are a wizzard, Harry!

Or a hairy wizzard, you pick.
 
Nobody questioned the fact the legit source was shut down "for maintenance" ?
Seems too much of a coincidence to me.
 
Nobody questioned the fact the legit source was shut down "for maintenance" ?
Seems too much of a coincidence to me.
If you're a scammer, you don't view that as an opportunity?
 
So, why is that website still up? First reports are dated may 5th. Took me all of 2 minutes to find their hoster (timeweb.ru) and CDN for malicious files(hipolink, some sort of stupid e-commerce service w/ social network integration, full of holes and potential exploits). Pretty sure MSI has a lot more sway than me writing an angry e-mail to tech support.

UPDATE:
Victory #1. Per my request Hipolink already deleted suspicious accounts.
Victory #2. Timeweb already replied that they're on it.

So, the moral of this story, kids, is - be proactive. Cause from my standpoint it looks like an equivalent of reporters filming a live robbery and telling how bad the crime rate is nowadays, before even calling the police.
Kudos! post updated.
 
It has nothing to do with it. Gimmicky domain zones are popular, because they are always on sale or free(bundled with hosting).

UPDATE #2:
Apparently puny silentbogo with his angry emails has more power(or common sense) than multi-billion dollar corpo. Website has been taken off somewhere in-between their first reply and my trip to the office.
Living close enough is so much better than an email. Thank you very much for this.
 
Living close enough is so much better than an email. Thank you very much for this.
I meant trip to my office, not their office... I'm not sure if border patrol would let me go to SPB, or just arrest on the spot :fear:
 
after.............burnt................
 
silentbogo doing God's work. Kudos to you. The lack of intervention from MSI themselves shows how little they care about their image, like every other corpos. But they only know how to rat out when things get a little too hot.

can't say the word "corporate" with the word "rat" in it.
 
Back
Top