Be careful where you download MSI Afterburner from
This story comes from CRIL (Cyble Intelligence and Research Lab), who have realized that there are several active campaigns of phishing that use the well-known MSI Afterburner software to install an XMR (Monero) miner on users’ PCs, taking advantage of the fact that the protocol of this cryptocurrency allows transactions to be obfuscated. In addition, it seems that the miner does not activate until the CPU has been idle for at least 60 minutes, so they make sure that the user does not notice the slow performance of the PC.
In other words, these fraudulent versions install a miner that takes advantage of your hardware to mine, but also, according to the published report, to steal information. This has been discovered on more than 50 malicious websites.
MSI Afterburner is a software designed to be able to overclock the graphics card, as well as to monitor its parameters and, in conjunction with Rivatuner, even to create an overlay in games that allows you to see the FPS, temperatures, etc. For this reason, it is one of the most popular software that a large number of users have installed on their PC.
However, this great popularity has served cybercriminals as a way of distributing their malware, and this is not the first time it has happened. Furthermore, this time it is quite serious since, according to the source, this campaign includes not only download links to fake software on certain web pages, but also download links in emails and even advertising in all kinds of media.
The domains used by these fraudulent web pages often include the name of M: YESand they are of the type msi-afterburner-download.site for example, making it not too complicated to “chop” if the user is not too attentive.
Where to download the software with guarantees?
It is not the first time that MSI has been forced to come to the fore to warn users, since something very similar happened in the past, and also with its Afterburner tool. Without going any further, last year the company warned in an official statement that we should be careful with false web pages that aimed to deceive users by impersonating the identity of the company.
For this reason, if you intend to download MSI Afterburner in the near future to install it on your PC (or to update the version you currently have), we recommend that you take special care and do so only from its official website, making sure that the domain is msi.com and no other. And, if you have installed it recently, as we have told you at the beginning, the recommendation is to scan your PC in search of possible viruses and malware, lest you have gotten confused and downloaded it from one of these fraudulent sites.