Fake MSI Afterburner Sites Delivering Coin-Miner

[PawGo]

And we have another case of popular application infected by our lovely XMR miner. This time it is Afterburner, one of favourite apps for GPU users. Overclocking, undervoltage and now additionally mining

More details: https://blog.cyble.com/2022/11/23/fake-msi-afterburner-sites-delivering-coin-miner/

What we may say? Always always use the producers website, never download applications from unknown/strange sources.

[Hispo]

Well, thanks for the information.
It is well-known that hackers and criminals will try almost anything to infect our computers with malware. Monero mining malware has been a trend this year judging from what I have read around.

It is another reason not to click on anything we are not 100% sure it is the actual webpage we want to access to.

Also, since this news have little to do with Bitcoin, wouldn't be better if you moved it to Scam accusations or Beginners & Help?, just my opinion.

[elda34b]

Maybe press or mining section would be better. Honestly avoiding this stuff should be easy since the download page of the fake app itself looks low quality. A harder one would be a website mimicking the real MSI site and redirect their user traffic with DNS redirection, but I don't think this is common for this purpose.

[PawGo]

Honestly avoiding this stuff should be easy since the download page of the fake app itself looks low quality. A harder one would be a website mimicking the real MSI site and redirect their user traffic with DNS redirection, but I don't think this is common for this purpose.

If one never used the real app and just try to google for 'afterburner' the first result wins. Many times people read some articles or watch videos and there is no obvious link to the software, so they try to find it them self.
I have just tried to do it myself, 1st link goes to MSI web site, but 2nd and 3rd goes to other sites (guru3d and techspot) but they have 'Download' word in the page title, so someone who wants to download software as quick as possible would probably choose them.

[swogerino]

And we have another case of popular application infected by our lovely XMR miner. This time it is Afterburner, one of favourite apps for GPU users. Overclocking, undervoltage and now additionally mining

More details: https://blog.cyble.com/2022/11/23/fake-msi-afterburner-sites-delivering-coin-miner/

What we may say? Always always use the producers website, never download applications from unknown/strange sources.

This is something that depends on the end user education,in such case the people who are miners,home and professionals,they may have a slight chance at infecting some home miners but I doubt they will have any success toward people dealing with computers and mining from a lot of time.I think everybody knows by now to only download critical software only from the website of the manufacturer.

We have seen a lot of XMR "miners" coming up and attacking a couple of years ago and most likely they were targeting torrent sites where people download all of kind of stuff without worrying to much what malware such sites could inject,it was truly popular just a couple of years ago when XMR was in trend and such sites as soon as you opened them they started using your CPU to mine XMR.

[OgNasty]

And we have another case of popular application infected by our lovely XMR miner. This time it is Afterburner, one of favourite apps for GPU users. Overclocking, undervoltage and now additionally mining

More details: https://blog.cyble.com/2022/11/23/fake-msi-afterburner-sites-delivering-coin-miner/

What we may say? Always always use the producers website, never download applications from unknown/strange sources.

I especially wouldn't think there would be a need to download Afterburner from anywhere but their main site, but I guess people get directed in crazy ways these days.  At first I thought it was probably dumb to target Afterburner, since miners would certainly notice if their rig was mining and reducing their hashrate, but then it dawned on me that they probably don't care how many people catch it, so long as the people who miss it have good GPUs, which is likely why they'd target Afterburner.  Be safe out there.  Bad folks are out there trying to steal whatever they can from you.

[348Judah]

always use the producers website, never download applications from unknown/strange sources.

Downloading from different sites could lead to being prone to an attack from those that attached a file apk malware with the intended app to download, this is one of the ways they initiate their attacks through apps download  and it has always been recommended to ensure making a download from the official site after thorough verification, there are also punicode hacks that enables them to create an identical site with almost same resemblance to the original one, they uses only special key symbols to make a difference frombthe original one by creating a fake site, we must always be at alert against such as well.

[hatshepsut93]

What we may say? Always always use the producers website, never download applications from unknown/strange sources.

When you try to run an .exe file on Windows that doesn't have a verified signature, the system tries to warn you that it's a bad idea. People got used to dismissing such warnings without thinking, but if they listened to their own system, they would allow like 99.9% of viruses.  Because downloading pirated software from bad sources, usually first google results, is the most common vector for spreading malware.

[dothebeats]

I always do scans before I install, and I guess it should be a common practice now that almost every app out there can be infected with miners and other such unwanted malware that could destroy your pc. I think we've already had this similar issue with AMD drivers a year or two again, but this time hackers are really clever because they targeted a software that may not seem to be the cause of spikes in GPU usage because it's an overclocking tool. For everyone who wants to OC their cards to achieve whatever performance they want, just go to their official site and scan for any potential threats. Better spend that extra minute or two than regretting everything in the end.