MSI Afterburner Laced with Malware Circulating in the Wild - EVGA Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

Welcome, ! User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes

Mark Thread UnreadFlat Reading Mode ❐

MSI Afterburner Laced with Malware Circulating in the Wild

Author Post Essentials Only Full Version
rjohnson11 EVGA Forum Moderator Total Posts : 102262 Reward points : 0 Joined: 2004/10/05 12:44:35 Location: Netherlands Status: offline Ribbons : 84 2022/11/24 23:32:55 (permalink) https://www.techpowerup.com/301461/msi-afterburner-laced-with-malware-circulating-in-the-wild MSI Afterburner is arguably the most popular graphics card overclocking utility, and the best place to find it is the MSI website. There are several other sites that redistribute the utility, many of them are trustworthy PC enthusiast tech publications; but some of them are not. There are some dubious websites that are using SEO techniques to find their way into online search results, appearing to be download mirrors for MSI Afterburner. While some of these sites are just in it for some web-traffic ad revenue, others downright spoof the MSI website (i.e. are visual clones), and host redistributables of Afterburner, only these have a more sinister motive—to infect you with malware. Cybersecurity researchers at Cyble identified such spoof websites that are visually identical to the MSI website; which host modified versions of the Afterburner software laced with malware. This malware can infect your PC with a multitude of bad stuff, including cryptojacking (using your PC's system resources to mine cryptocurrency for the attacker); and data-theft. Cyble deconstructed the malware-laced Afterburner installer in a bid to identify its nature. Apparently it uses Monero XMR miner software to mine cryptocurrency. Apparently the attacker repackaged Afterburner into a custom installer that, in addition to installing Afterburner, fetches XMR miner from the Internet and infects Windows Explorer (explorer.exe) with a cryptojacking payload. The easiest way to avoid this is sticking to known sources such as the MSI website (www.msi.com); or known websites authorized to redistribute Afterburner. If infected, SFC (system file checker), coupled with Windows Defender or other popular antivirus software should help. Make sure you download MSI afterburner from the source. AMD Ryzen 9 7950X, Corsair Mp700 Pro M.2, 64GB Corsair Dominator Titanium DDR5 X670E Steel Legend, MSI RTX 4090 Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA #1 4 Replies Related Threads
Hoggle EVGA Forum Moderator Total Posts : 10101 Reward points : 0 Joined: 2003/10/13 22:10:45 Location: Eugene, OR Status: offline Ribbons : 4 Re: MSI Afterburner Laced with Malware Circulating in the Wild 2022/11/25 08:48:57 (permalink) It’s always best to make sure you are visiting the main manufacturer website to download software. Sometimes even well known sites that mirror files will occasionally get a bad file it’s not common but it has happened. Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it. #2
XrayMan Insert Custom Title Here Total Posts : 73000 Reward points : 0 Joined: 2006/12/14 22:10:06 Location: Santa Clarita, Ca. Status: offline Ribbons : 115 Re: MSI Afterburner Laced with Malware Circulating in the Wild 2022/11/25 10:31:06 (permalink) Well that's not good. My Affiliate Code: 8WEQVXMCJL Associate Code: VHKH33QN4W77V6A &nbsp #3
the_Scarlet_one formerly Scarlet-tech Total Posts : 24581 Reward points : 0 Joined: 2013/11/13 02:48:57 Location: East Coast Status: offline Ribbons : 79 Re: MSI Afterburner Laced with Malware Circulating in the Wild 2022/11/26 03:24:42 (permalink) This has been like this for years. Afterburner websites that are full of malware are not new, so people jus tend to be reminded constantly that the software needs to come directly from the developer… heck, people are still asking is evga-us dot com is actually an evga website even though the answer has been up for two full years. If there isn’t constant hand holding, people will blame the manufacturer that had nothing to do with their problem. TSgt Matthew Schwartz SrA Bryan Bell A1C Matthew Seidler SSgt Joseph Fankhauser #4
kougar CLASSIFIED Member Total Posts : 3034 Reward points : 0 Joined: 2006/05/08 10:11:19 Status: offline Ribbons : 22 Re: MSI Afterburner Laced with Malware Circulating in the Wild 2022/11/27 00:55:12 (permalink) It's new that the site offering the malware Afterburner was being promoted by google as an Advertisement at the very top of search results. People often just click those because they go to the official site anyway, except in this case Google was taking people to the site impersonating the real one. Have water, will cool. #5

Jump to:

Back to Mobile