MSI Afterburner Laced with Malware Circulating in the Wild

EVGA Forum Moderator
  • Total Posts : 96058
  • Reward points : 0
  • Joined: 2004/10/05 12:44:35
  • Location: Netherlands
  • Status: offline
  • Ribbons : 81
2022/11/24 23:32:55 (permalink)
MSI Afterburner is arguably the most popular graphics card overclocking utility, and the best place to find it is the MSI website. There are several other sites that redistribute the utility, many of them are trustworthy PC enthusiast tech publications; but some of them are not. There are some dubious websites that are using SEO techniques to find their way into online search results, appearing to be download mirrors for MSI Afterburner. While some of these sites are just in it for some web-traffic ad revenue, others downright spoof the MSI website (i.e. are visual clones), and host redistributables of Afterburner, only these have a more sinister motive—to infect you with malware.

Cybersecurity researchers at Cyble identified such spoof websites that are visually identical to the MSI website; which host modified versions of the Afterburner software laced with malware. This malware can infect your PC with a multitude of bad stuff, including cryptojacking (using your PC's system resources to mine cryptocurrency for the attacker); and data-theft. Cyble deconstructed the malware-laced Afterburner installer in a bid to identify its nature. Apparently it uses Monero XMR miner software to mine cryptocurrency. Apparently the attacker repackaged Afterburner into a custom installer that, in addition to installing Afterburner, fetches XMR miner from the Internet and infects Windows Explorer (explorer.exe) with a cryptojacking payload. The easiest way to avoid this is sticking to known sources such as the MSI website (www.msi.com); or known websites authorized to redistribute Afterburner. If infected, SFC (system file checker), coupled with Windows Defender or other popular antivirus software should help.
Make sure you download MSI afterburner from the source. 

AMD Ryzen 9 7950X,  Corsair Mp600 Pro M.2, 32GB Corsair DDR5  X670E Steel Legend, MSI RTX 4090 Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA


4 Replies Related Threads

    EVGA Forum Moderator
    • Total Posts : 9307
    • Reward points : 0
    • Joined: 2003/10/13 22:10:45
    • Location: Eugene, OR
    • Status: offline
    • Ribbons : 4
    Re: MSI Afterburner Laced with Malware Circulating in the Wild 2022/11/25 08:48:57 (permalink)
    It’s always best to make sure you are visiting the main manufacturer website to download software. Sometimes even well known sites that mirror files will occasionally get a bad file it’s not common but it has happened.

    Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it. 
    Insert Custom Title Here
    • Total Posts : 73000
    • Reward points : 0
    • Joined: 2006/12/14 22:10:06
    • Location: Santa Clarita, Ca.
    • Status: offline
    • Ribbons : 115
    Re: MSI Afterburner Laced with Malware Circulating in the Wild 2022/11/25 10:31:06 (permalink)
    Well that's not good.   

                My Affiliate Code: 8WEQVXMCJL
            Associate Code: VHKH33QN4W77V6A

    EVGA Forum Moderator
    • Total Posts : 24355
    • Reward points : 0
    • Joined: 2013/11/13 02:48:57
    • Location: East Coast
    • Status: offline
    • Ribbons : 79
    Re: MSI Afterburner Laced with Malware Circulating in the Wild 2022/11/26 03:24:42 (permalink)
    This has been like this for years. Afterburner websites that are full of malware are not new, so people jus tend to be reminded constantly that the software needs to come directly from the developer… heck, people are still asking is evga-us dot com is actually an evga website even though the answer has been up for two full years. If there isn’t constant hand holding, people will blame the manufacturer that had nothing to do with their problem.
    • Total Posts : 2958
    • Reward points : 0
    • Joined: 2006/05/08 10:11:19
    • Status: offline
    • Ribbons : 22
    Re: MSI Afterburner Laced with Malware Circulating in the Wild 2022/11/27 00:55:12 (permalink)
    It's new that the site offering the malware Afterburner was being promoted by google as an Advertisement at the very top of search results. People often just click those because they go to the official site anyway, except in this case Google was taking people to the site impersonating the real one. 

    Have water, will cool. 
    Jump to:
  • Back to Mobile