Friday, November 25th 2022
MSI Afterburner Laced with Malware Circulating in the Wild
MSI Afterburner is arguably the most popular graphics card overclocking utility, and the best place to find it is the MSI website. Several other sites redistribute the utility; many of them are trustworthy PC enthusiast tech publications, but some are not. Some dubious websites use SEO techniques and ad placements to work their way into online search results, appearing to be download mirrors for MSI Afterburner. While some of these sites are just in it for web-traffic ad revenue, others downright spoof the MSI website (i.e. are visual clones) and host redistributables of Afterburner, only these have a more sinister motive: to infect you with malware.
Cybersecurity researchers at Cyble identified such spoof websites, which are visually identical to the MSI website and host modified versions of the Afterburner software laced with malware. This malware can infect your PC with a multitude of bad stuff, including cryptojacking (using your PC's system resources to mine cryptocurrency for the attacker) and data theft. Cyble deconstructed the malware-laced Afterburner installer in a bid to identify its nature. Apparently, it uses Monero (XMR) miner software to mine cryptocurrency: the attacker repackaged Afterburner into a custom installer that, in addition to installing Afterburner, fetches the XMR miner from the Internet and infects Windows Explorer (explorer.exe) with a cryptojacking payload. The easiest way to avoid this is to stick to known sources such as the MSI website (www.msi.com) or known websites authorized to redistribute Afterburner. If infected, SFC (System File Checker), coupled with Windows Defender or other popular antivirus software, should help.
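Because the payload is described as running inside explorer.exe, one triage heuristic is to list the connections explorer.exe makes to addresses outside the LAN. The sketch below is an added example, not code from Cyble, MSI or the original article; the log format, field names and sample addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# IPv4 ranges treated as "LAN" (RFC 1918, loopback, link-local). An explicit
# list is used because ipaddress.is_private also covers documentation ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed log format: "<timestamp> image=<path> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) image=(?P<image>.+?) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Constructed sample events; external addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = r"""
2022-11-25T10:00:01Z image=C:\Windows\explorer.exe dst=192.168.1.10 dport=445
2022-11-25T10:00:05Z image=C:\Program Files\Mozilla Firefox\firefox.exe dst=203.0.113.7 dport=443
2022-11-25T10:01:12Z image=C:\Windows\explorer.exe dst=198.51.100.23 dport=443
2022-11-25T10:02:12Z image=C:\Windows\explorer.exe dst=198.51.100.23 dport=443
2022-11-25T10:03:30Z image=C:\Windows\explorer.exe dst=not-an-ip dport=443
"""

def is_lan(addr):
    """True if addr is inside one of LAN_NETS; raises ValueError if not an IP."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)

def explorer_internet_connections(log_text):
    """Count (dst, dport) pairs for explorer.exe connections leaving the LAN."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        exe = m["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe != "explorer.exe":
            continue
        try:
            if not is_lan(m["dst"]):
                hits[(m["dst"], int(m["dport"]))] += 1
        except ValueError:
            continue  # destination field is not an IP address
    return hits

if __name__ == "__main__":
    for (dst, dport), n in explorer_internet_connections(SAMPLE_LOG).most_common():
        print(f"explorer.exe -> {dst}:{dport} ({n} connections)")
```

Hits are leads for review rather than verdicts, since explorer.exe can make legitimate outbound connections.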
Sources:
Cyble, HotHardware
80 Comments on MSI Afterburner Laced with Malware Circulating in the Wild
Ads ARE the malware of the world!
MSI Afterburner still rocks; people who download software from malicious websites have only themselves to blame!
You can install free AV plugins from either Malwarebytes or BitDefender in your browser; both are free and should block those sites, even these downloads.
addons.mozilla.org/en-US/firefox/addon/malwarebytes/
addons.mozilla.org/en-US/firefox/addon/trafficlight/
This on the internet is equivalent of looking around before crossing a road. You don't just throw yourself in front of a truck in good faith... :kookoo:
tho if that app would be adopted for Windows brothers, then who knows
www.guru3d.com/files-details/msi-afterburner-beta-download.html
tho let's face it - it is not that easily obvious to notice that for like bigger part of the people that are using internet
trog
The developer for the app for MSI - Guru3d for the beta builds and final release builds.
or
MSI themselves
But many users make up these very lame shilled/uninformed excuses (mainly due to others' persuasions, or because of an old issue that happened moons ago, or they just lack the talent and they need a quick so-called remedy) for today's issues. But these same users that are utilizing these 3rd-party sources/apps are also wondering at times why they continue to have so many performance issues, etc.
WELP! :kookoo:
This time MSI is uploading the beta version on their site as the main version.
MSI Afterburner 4.6.5 Beta 4 Build 16358
forums.guru3d.com/threads/msi-ab-rtss-development-news-thread.412822/page-189#post-6073429
It's incredibly unreliable nowadays.
Personally, I have PiHole and Unbound (recursive DNS server) installed on a Pi2 to protect my LAN, and then uBlock Origin on all my browsers on all my desktops/laptops and Adaware on the phone. I have an extra step that, if I read the article right, blocks this path: "injects XMR miner into explorer.exe". If the article is referring to Windows Explorer, I have that blocked from the internet and only allow access to the LAN via Windows Firewall, via WFC (Windows Firewall Control). I block most Windows 10 services/programs from accessing the internet.