This fake MSI Afterburner is going after gamers' passwords

Password
(Image credit: reklamlar)

Advanced PC users who like to tweak how their GPU performs are being targeted with malware, researchers are saying. 

A number of websites have been detected advertising a fraudulent version of MSI Afterburner, which instead installs cryptocurrency miners and infostealers on the affected endpoints.

MSI Afterburner is a program that allows users to modify how their graphics cards behave, allowing users to tweak overclocking, track the card’s temperature, and many other tasks. Even though it was built by PC maker MSI, it works with almost any graphics card, which soon propelled it to stardom in the gaming and PC power-user communities - but now also seems to have made it a target for criminals. 

Mining cryptos with GPUs

Cybersecurity researchers from Cyble say they have discovered more than 50 websites pretending to be the official MSI Afterburner site in just the last three months. 

The sites often push cryptocurrency miners for Monero, and an information-stealing trojan called RedLine Stealer. Most of the discovered domains are typosquatted, it was added, but there were also some that had nothing to do with MSI, whatsoever. 

High-end graphics cards are an important tool for cryptocurrency miners, as they allow them to generate the valuable tokens more efficiently. That’s why, in the last couple of years, the prices of flagship GPU models have been steadily increasing, while the supply of the cards was all but depleted. It is also why targeting MSI Afterburner with a cryptocurrency miner makes sense.

However, since Ethereum (the world’s second-largest blockchain network by market capitalization, second only to Bitcoin) moved from proof-of-work (mining) to proof-of-stake (staking), the popularity of mining has been declining. The rising costs of electricity and the bear market cryptocurrencies are currently experiencing (bitcoin dropped from $69,000 last November to roughly $16,000 this November) have all played their part.

Still, for cybercriminals who’d hijack other people’s endpoints for mining, the tokens’ price fluctuations mean very little. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.