Your Copy of MSI Afterburner Could Be Bloated With Crypto Malware

Jason R. Wilson
Image source: J. Wilson, Wccftech.

Illegitimate versions of MSI's popular Afterburner GPU OC utility have been found to install malware on users' PCs, note cybersecurity specialists at Cyble. This wave of malware is only now being discovered, and Afterburner is not the only software this could happen to.

Cyble researchers discover that corrupted MSI Afterburner software packages found on unofficial websites are rife with malware

Most of us are guilty of this action.

You get a new graphics card, processor, or device for your PC, and you need to download software. Most of the time, you would think of going to the company's official website to download the required software, and sometimes you would search on Google to find the proper file, click the first link that pops up, and click "Install." The next thing you know, your antivirus software is either going crazy or ignoring the situation, and your computer is infected.

The "pathway of destruction" of the XMR miner infection chain. Image source: Cyble via TechPowerUP.

This scenario happens more often than the everyday user realizes. The researchers at Cyble located websites that appear to be an official part of MSI's Afterburner website or a mirror of the company's software download page. Before you can blink an eye, the malware is injected into your PC. Suddenly, you divulge important information about bank records and other critical data, or your system is remotely used for data or crypto mining. Several different situations could happen, but with MSI Afterburner, those are the few significant issues that have arisen.

Fake download page versus real download page. Image source: Cyble via TechPowerUP.

The malware uses Monero XMR, allowing users to remotely mine crypto from another location. Cyble found that the hacker can create a custom Afterburner install package that will locate the Monero XMR install file somewhere on the web, attach itself to the Windows Explorer executable file (explorer.exe), and install the malware onto the system.

Links that state "Ad" next to them are fake, whereas the link from MSI's official website is real. Image source: TechPowerUP.

The best action for any user is to stick with the primary manufacturer's websites and official download pages for each company. You should never resort to an internet search for the file unless you are aware of where the file is coming from or what location you are downloading from (i.e., a trusted source you have used in the past).

News Sources: TechPowerUP, Hot Hardware, Cyble
