
MSI Afterburner Laced with Malware Circulating in the Wild

btarunr

Editor & Senior Moderator
MSI Afterburner is arguably the most popular graphics card overclocking utility, and the best place to find it is the MSI website. There are several other sites that redistribute the utility; many of them are trustworthy PC enthusiast tech publications, but some of them are not. There are some dubious websites that are using SEO techniques and ad placements to find their way into online search results, appearing to be download mirrors for MSI Afterburner. While some of these sites are just in it for some web-traffic ad revenue, others downright spoof the MSI website (i.e. are visual clones) and host redistributables of Afterburner, only these have a more sinister motive—to infect you with malware.

Cybersecurity researchers at Cyble identified such spoof websites that are visually identical to the MSI website and that host modified versions of the Afterburner software laced with malware. This malware can infect your PC with a multitude of bad stuff, including cryptojacking (using your PC's system resources to mine cryptocurrency for the attacker) and data theft. Cyble deconstructed the malware-laced Afterburner installer in a bid to identify its nature. Apparently it uses Monero XMR miner software to mine cryptocurrency. Apparently the attacker repackaged Afterburner into a custom installer that, in addition to installing Afterburner, fetches the XMR miner from the Internet and infects Windows Explorer (explorer.exe) with a cryptojacking payload. The easiest way to avoid this is sticking to known sources such as the MSI website (www.msi.com) or known websites authorized to redistribute Afterburner. If infected, SFC (System File Checker), coupled with Windows Defender or other popular antivirus software, should help.



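The post's advice is to trust the download source, not the look of the page. As an added example (not from the article, Cyble or MSI), this PowerShell check combines that with the other thing a repackaged installer cannot fake: a valid Authenticode signature from the genuine publisher. The allowlisted hosts, the installer file name, the download URL and the assumption that MSI's signer subject contains "Micro-Star" are all assumptions, not values from the page.

```powershell
# Added example: pre-install provenance check for a downloaded Afterburner installer.
# Assumptions: the host allowlist below, and that a genuine MSI build is signed with a
# certificate whose subject contains "Micro-Star" (MSI's corporate name).
function Test-InstallerProvenance {
    param(
        [Parameter(Mandatory)] [string] $Path,        # the downloaded installer
        [Parameter(Mandatory)] [string] $DownloadUrl  # where the browser fetched it from
    )
    # Sources named in the thread (assumed host names). Lookalike sites fail this by host,
    # however closely they clone the MSI page's appearance.
    $allowedHosts = @('www.msi.com', 'msi.com', 'www.guru3d.com', 'guru3d.com')
    $result = [ordered]@{ HostOk = $false; SignatureOk = $false; SignerOk = $false; Signer = $null }

    # 1. Compare the host name of the download URL, not the page title or branding.
    $uri = [uri] $DownloadUrl
    $result.HostOk = $allowedHosts -contains $uri.Host.ToLowerInvariant()

    # 2. Is the file signed, does the chain validate, and does the signer look like MSI?
    #    A repackaged custom installer is either unsigned or signed by someone else.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.SignatureOk = ($sig.Status -eq 'Valid')
    if ($sig.SignerCertificate) {
        $result.Signer   = $sig.SignerCertificate.Subject
        $result.SignerOk = $result.Signer -match 'Micro-Star'   # -match is case-insensitive
    }

    $result.Safe = $result.HostOk -and $result.SignatureOk -and $result.SignerOk
    [pscustomobject] $result
}

# Usage (constructed values): refuse to run the installer unless all three checks pass.
$check = Test-InstallerProvenance -Path "$env:USERPROFILE\Downloads\MSIAfterburnerSetup.exe" `
                                  -DownloadUrl 'https://www.msi.com/Landing/afterburner'
$check | Format-List
if (-not $check.Safe) {
    Write-Warning 'Provenance check failed: delete this installer and re-download from msi.com.'
}
```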
 
Why would you ever get it from anywhere other than msi.com?
 
*sigh*

 
This is why I use AMD software for my GPU.
 

"aftenburner" and "coconutcharcharcoal" in the first ad link make me wonder if Google is now the biggest and most effective scammer in the world.
 
I like my Afterburner like I like my shoes,.....laced
 
Auftenburner, I like it. Zero hits on Google, it's mine!
 
This is why I use AMD software for my GPU.
If you download your AMD software from AMD.official,for.real.com then who do you blame?

MSI Afterburner still rocks. People who download software from malicious websites have only themselves to blame!

You can install free AV plugins from either Malwarebytes or Bitdefender in your browser; both are free and should block those sites and even these downloads.

 
I never ever open anything from search results starting with "Ad". And even so I check the url just to be sure.

This, on the internet, is the equivalent of looking around before crossing a road. You don't just throw yourself in front of a truck in good faith... :kookoo:
 
On one hand, I am glad I am not forced to use that crap because I use CoreCtrl... on the other, you can use that app to its full potential only on an AMD GPU, because currently that app is Linux only and we all know how Nvidia works there.

Though if that app were adapted for Windows, brothers, then who knows.
 
I always get it here:
 
I never ever open anything from search results starting with "Ad". And even so I check the url just to be sure.

This, on the internet, is the equivalent of looking around before crossing a road. You don't just throw yourself in front of a truck in good faith... :kookoo:
It is obvious to you, to me and to other people here.

Though let's face it, it is not that easy to notice for the bigger part of the people using the internet.
 
I never use it. I use Palit's ThunderMaster... silly name, but it works fine.

trog
 
You should only be getting MSI Afterburner from two places:

The developer of the app for MSI, Guru3D, for the beta builds and final release builds.

or

MSI themselves.
 
Why would you ever get it from anywhere other than msi.com?
I asked the same exact question about other stuff too that I find super loco. E.g., why would anyone ever get NVIDIA's (etc.) drivers anywhere other than NVIDIA's OFFICIAL site? Why would anyone use any 3rd-party tools (DDU, etc.) to remove drivers rather than the vendor's removal tools or the system's (Windows, etc.) baked-in tools? On and on.

But many users make up these very lame shilled/uninformed excuses (mainly due to others' persuasions, or because of an old issue that happened moons ago, or because they just lack the talent and need a quick so-called remedy) for today's issues. But these same users that are utilizing these 3rd-party sources/apps are also wondering at times why they continue to have so many performance issues, etc.

WELP! :kookoo:
 
I always get it here:
A long time ago, MSI released a beta version, but I couldn't find it on their site; I then tried to dig through their site but found nothing. Only Guru3D would help me with this.
This time MSI is uploading the beta version on their site as the main version.
 
A long time ago, MSI released a beta version, but I couldn't find it on their site; I then tried to dig through their site but found nothing. Only Guru3D would help me with this.
This time MSI is uploading the beta version on their site as the main version.
The latest version can be found here.
MSI Afterburner 4.6.5 Beta 4 Build 16358

 
Google search has really become horrible lately. It only has a few pages of results (even when it says it found millions of results, it'll cut them off after you get a few pages in), and it is riddled with fake content all the time. It keeps redirecting me to fake webshops very frequently. Not just the "ad" results, but the ones below those too.

It's incredibly unreliable nowadays.
 
It's like the validation of some of these sites submitted to Google's search engine and others has gone downhill of late.
 
This is not surprising, I imagine, to anyone who frequents TPU, and it is yet another very good reason why you should, at the very least, have an ad blocker installed in your web browser.

Personally I have Pi-hole and Unbound (recursive DNS server) installed on a Pi 2 to protect my LAN, and then uBlock Origin on all my browsers on all my desktops/laptops and Adaware on the phone. I have an extra step that, if I read the article right, blocks this path ("injects XMR miner into explorer.exe"): if the article is referring to Windows Explorer, I have that blocked from the internet and only allow access to the LAN via Windows Firewall, via WFC (Windows Firewall Control). I block most Windows 10 services/programs from accessing the internet.
 
This is not surprising, I imagine, to anyone who frequents TPU, and it is yet another very good reason why you should, at the very least, have an ad blocker installed in your web browser.

Personally I have Pi-hole and Unbound (recursive DNS server) installed on a Pi 2 to protect my LAN, and then uBlock Origin on all my browsers on all my desktops/laptops and Adaware on the phone. I have an extra step that, if I read the article right, blocks this path ("injects XMR miner into explorer.exe"): if the article is referring to Windows Explorer, I have that blocked from the internet and only allow access to the LAN via Windows Firewall, via WFC (Windows Firewall Control). I block most Windows 10 services/programs from accessing the internet.
+1 for doing that but personally I don't even bother with a "black-list" Firewall (allow by default, block by exception) anymore. There's so much spyware and telemetry BS these days that I find running a white-list Firewall (block everything by default, allow by exception) is the only sane option.
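The two posts above describe the same control from different angles: explorer.exe allowed to reach the LAN only, and a firewall that blocks outbound by default and allows by exception. As an added example (not from either poster, and using the built-in NetSecurity cmdlets rather than WFC), this script applies that policy and then checks for the exact symptom the article describes, explorer.exe holding connections to non-LAN addresses. The rule names, the resolver address and the browser path are assumptions; run it elevated.

```powershell
# Added example: default-deny outbound policy with explorer.exe restricted to the LAN,
# then a triage check for explorer.exe connections that leave the LAN.
$profiles = 'Domain', 'Private', 'Public'

# 1. Block outbound by default on every profile. Existing allow rules keep working;
#    anything without an allow rule is dropped from here on.
Set-NetFirewallProfile -Profile $profiles -DefaultOutboundAction Block

# 2. Exceptions, kept narrow (program AND destination). explorer.exe gets the local
#    subnet only, which is all it needs for file shares and is exactly the path a
#    miner injected into it would have to use to reach a mining pool.
New-NetFirewallRule -DisplayName 'Allow explorer.exe to LAN only' -Direction Outbound `
    -Program "$env:SystemRoot\explorer.exe" -RemoteAddress LocalSubnet -Action Allow

#    DNS only to the local resolver (a Pi-hole in the post above; the address is assumed).
New-NetFirewallRule -DisplayName 'Allow DNS to local resolver' -Direction Outbound `
    -Protocol UDP -RemotePort 53 -RemoteAddress 192.168.1.2 -Action Allow

#    DHCP, or the lease will not renew under a default-deny policy.
New-NetFirewallRule -DisplayName 'Allow DHCP' -Direction Outbound `
    -Protocol UDP -LocalPort 68 -RemotePort 67 -Action Allow

#    The browser is the one program meant to reach the internet (assumed install path).
New-NetFirewallRule -DisplayName 'Allow browser outbound' -Direction Outbound `
    -Program "$env:ProgramFiles\Mozilla Firefox\firefox.exe" -Action Allow

# 3. Triage: established TCP connections owned by explorer.exe whose remote address is
#    not loopback or an RFC 1918 range. With the policy above this should be empty;
#    anything listed here is worth a closer look.
function Get-ExplorerInternetConnections {
    $explorerPids = (Get-Process -Name explorer -ErrorAction SilentlyContinue).Id
    if (-not $explorerPids) { return @() }
    Get-NetTCPConnection -OwningProcess $explorerPids -State Established -ErrorAction SilentlyContinue |
        Where-Object {
            $_.RemoteAddress -notmatch '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|::1$|fe80:)'
        } |
        Select-Object LocalPort, RemoteAddress, RemotePort, OwningProcess
}

Get-ExplorerInternetConnections | Format-Table -AutoSize
```

Add further allow rules (Windows Update, NTP, game launchers) as you find them blocked in the firewall log; the point of the white-list approach is that each one is a conscious decision.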
 