If you’ve ever considered overclocking your graphics card, there’s a good chance MSI’s ever-popular overclocking utility Afterburner has crossed your radar. It happens to be our preferred choice, yet as is so often the case on the internet, there are those who seek to dupe users into accidentally downloading spoofed versions of the software laced with malware.
It happens more often than not, sadly, and this time around cyber risk and security analysis firm Cyble Research and Intelligence Labs (CRIL) warns of a number of websites distributing compromised versions of the utility bundled with crypto-jacking and information-stealing software.
Since early September, CRIL has observed up to 50 cunningly crafted spoof domains that appear visually identical to MSI’s website. In fact, the results are quite easy to replicate if you don’t have an adblocker installed. A quick search for “MSI Afterburner” more often than not reveals a list of ad links placed above the original, and it’s understandable that users might mistake these for the real deal.
As it stands, the fake setup file installs MSI Afterburner but also secretly installs RedLine Stealer, an information-stealing malware, and XMR Miner on your device without any user consent. RedLine will pilfer all your saved passwords and download your cookies and browser information, while XMR Miner will connect your computer to a mining pool that mines Monero and will most likely cripple system resources, in turn severely impacting your PC’s overall performance. It’s that serious.
So next time, please be extremely careful when downloading any type of software online. Stick to official resources; it’s not the first time this has happened and certainly won’t be the last.