- Security researchers from Cyble have published a new report regarding fake and infected MSI Afterburner software.
- The infected MSI Afterburner is distributed through a couple of websites that impersonate MSI’s official Afterburner download page.
- The fake MSI Afterburner installs a legitimate version of the software, but also an XMR miner and the RedLine info-stealer malware.
The cyber intelligence company Cyble has published a new report on fake MSI Afterburner websites and software. According to the report, some impersonating websites deceive users into downloading an infected version of MSI Afterburner, which installs the legitimate software alongside a crypto miner and info-stealing malware.
XMR and RedLine malware
MSI Afterburner is widely used by gamers with powerful systems, which makes them great targets for mining
The infected version of MSI Afterburner also installs the RedLine info-stealing malware and an XMR miner on the target device. To install the XMR miner, the fake Afterburner uses an executable named browser_assistant.exe, and it is set to utilize up to 20 CPU threads, which is well above the thread counts of most current PCs.
However, it is also set to run only after 60 minutes of idle time, and it stops mining activity when specific programs run, such as Taskmgr.exe, ProcessHacker.exe, perfmon.exe, procexp.exe, and procexp64.exe, so users might not even notice it except for the noise from the CPU and case fans.
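The pause-when-watched behaviour described above is itself a usable detection signal. The following is an added example, not taken from the Cyble report or the original article: it scans CPU snapshots for a process that is busy only while none of the listed monitoring tools is running. The snapshot format, thresholds, function name and sample data are assumptions made for illustration.

```python
from statistics import mean

# Tools the article says pause the miner (lower-cased for matching).
MONITORS = {"taskmgr.exe", "processhacker.exe", "perfmon.exe",
            "procexp.exe", "procexp64.exe"}

# Constructed telemetry, not real data: one {process: CPU %} snapshot per
# sampling interval, where 100 means one fully used core.
SAMPLE = [
    {"browser_assistant.exe": 92.0, "encoder.exe": 80.0, "game.exe": 3.0},
    {"browser_assistant.exe": 95.0, "encoder.exe": 85.0, "game.exe": 2.0},
    {"Taskmgr.exe": 1.0, "browser_assistant.exe": 0.2, "encoder.exe": 81.0},
    {"procexp64.exe": 2.0, "encoder.exe": 79.0, "game.exe": 70.0},
    {"browser_assistant.exe": 90.0, "encoder.exe": 82.0, "game.exe": 65.0},
]

def monitor_shy_processes(samples, busy=50.0, quiet=5.0, min_each=2):
    """Return processes that are CPU-heavy only while no monitoring tool runs."""
    normalized = [{n.lower(): c for n, c in snap.items()} for snap in samples]
    names = {n for snap in normalized for n in snap} - MONITORS
    watched, unwatched = {}, {}
    for snap in normalized:
        bucket = watched if MONITORS.intersection(snap) else unwatched
        for name in names:
            # A process missing from a snapshot counts as using no CPU.
            bucket.setdefault(name, []).append(snap.get(name, 0.0))
    flagged = []
    for name in names:
        idle_view, seen_view = unwatched.get(name, []), watched.get(name, [])
        # Require evidence from both conditions before drawing a conclusion.
        if len(idle_view) < min_each or len(seen_view) < min_each:
            continue
        if mean(idle_view) >= busy and mean(seen_view) <= quiet:
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    print(monitor_shy_processes(SAMPLE))
```

A legitimately heavy process such as the constructed encoder.exe stays busy while a monitoring tool is open, so it is not flagged; only the process whose load collapses under observation is.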
MSI Afterburner is a very popular system monitoring and overclocking software that is mostly used by gamers and overclockers. Both of those groups prefer higher-tier hardware, which makes their PCs great targets for mining activities.
Users should check the links in the browser when they download MSI Afterburner. You can use the official link below to safely download the latest version: