Fake MSI Afterburner is infecting users with crypto miners and info-stealers

Windows gamers are being targeted with fake copies of MSI Afterburner. Several fraudulent websites are serving a fake MSI Afterburner installer that installs cryptocurrency miners and information stealers on affected computers.

Security researchers from Cyble discovered more than 50 websites pretending to be the official MSI Afterburner site. These sites serve Monero cryptocurrency miners and the RedLine Stealer trojan. Most of them use typosquatted domains.

Cybercriminals are using black hat SEO to rank these fake sites high in search results and draw visitors from Google searches. Anyone who downloads the fake MSI Afterburner setup file from these sites unknowingly installs the RedLine information-stealing malware and an XMR miner on the system.

The fake software retrieves the XMR miner from a GitHub repository. The miner connects to a mining pool using a hardcoded username and password and starts mining. It has been configured to use the maximum CPU power.

MSI Afterburner lets users modify the behavior of their graphics cards. Users can overclock the CPU, track the GPU’s temperature, and perform many other tasks. MSI Afterburner works with almost any graphics card, so most gamers and power users use this tool to tweak the performance of their systems.

To stay safe, download MSI Afterburner from the official website. Here’s the link: www.msi.com/Landing/afterburner/graphics-cards
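As an added example (not code from Cyble's report or from MSI), the following Python script shows how a defender could triage download links against the official msi.com domain given above and flag typosquat-style hostnames of the kind described earlier. The brand tokens, edit-distance thresholds and sample hostnames are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "msi.com"            # taken from the official link on this page
BRAND_TOKENS = ("msi", "afterburner")  # assumption: names a lookalike site imitates


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname_of(url: str) -> str:
    """Extract the host, tolerating links written without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a download link."""
    host = hostname_of(url)
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Outside msi.com: inspect each piece of the hostname for brand imitation.
    for token in filter(None, re.split(r"[.\-]", host)):
        for brand in BRAND_TOKENS:
            short = len(brand) <= 4
            near = edit_distance(token, brand) <= (1 if short else 2)
            # Substring matching only for the long token; "msi" occurs by
            # chance inside ordinary words (e.g. "forumsite").
            if near or (not short and brand in token):
                return "lookalike"
    return "unrelated"


# Constructed sample links on reserved .example names, not real indicators.
SAMPLES = [
    "www.msi.com/Landing/afterburner/graphics-cards",
    "https://msi-afterburner-download.example/setup.exe",
    "https://www.mssi.example/afterburner",
    "http://msi.com.files.example/MSIAfterburnerSetup.zip",
    "https://aftterburner.example/",
    "https://www.example.org/tools",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

A "lookalike" result is a triage signal for review, not proof of malice: a one-character tolerance around a three-letter name will also match some unrelated hostnames.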