Fake MSI Afterburner Installs Coin Miner, Password Stealer On Affected Systems


You should verify that you have the authentic MSI Afterburner if your system has been running slowly. Cyble Intelligence and Research Lab has discovered a recent phishing operation that uses fake MSI Afterburner software to infect gamers with cryptocurrency miners and information stealers. Over the past three months, the company has discovered about 50 fake websites.

One of the more well-known programs for managing, adjusting, and overclocking the top graphics cards available is MSI Afterburner. Therefore, it is not surprising that threat actors are using MSI’s software as a ruse. Also, MSI Afterburner has been the target of criminal activity before.

A similar situation was discovered by MSI last year. However, it appears that threat actors are back at it. With AMD about to release the Radeon RX 7900-series devices and Nvidia releasing its GeForce RTX 40-series graphics cards, there was never a better time for the thieves to open for business.


Mining covertly while obtaining your credentials


When the phony MSI Afterburner setup file is run, the genuine Afterburner program is installed. Alongside it, however, the fake installer also installs the XMR miner and the information-stealing malware RedLine.

The miner is installed by a 64-bit Python application called “browser assistant.exe” in the local Program Files directory, which injects shellcode into the installer’s process.

This shellcode downloads the XMR miner from a GitHub repository and immediately injects it into memory within the explorer.exe process. Because the miner never touches the disk, the likelihood of a security product detecting it is reduced.

The miner gathers and exfiltrates basic system data to the threat actors after connecting to its mining pool using a hardcoded username and password.

With its “CPU max threads” argument set to 20, which is higher than the majority of modern CPU thread counts, the XMR miner is configured to use all of the available power.
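For defenders, a hunting check built on the behaviour described above (an added example, not code from Cyble or the original article): it scans process-creation events, using Sysmon Event ID 1 field names, for explorer.exe instances that carry miner-style arguments or have an unexpected parent. The sample events, pool host and directory name are constructed; the `--cpu-max-threads-hint` spelling (XMRig's option name, while the article only says "CPU max threads") and the miner's parameters being visible on the explorer.exe command line are assumptions.

```python
import re

# Constructed sample events; field names follow Sysmon Event ID 1 (process creation).
EVENTS = [
    {"Image": r"C:\Windows\explorer.exe", "CommandLine": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Windows\explorer.exe -o pool.example.invalid:3333 "
                    r"-u USER -p PASS --cpu-max-threads-hint=20",
     "ParentImage": r"C:\Program Files\ExampleDir\browser assistant.exe"},
    {"Image": r"C:\Program Files\ExampleApp\worker.exe",
     "CommandLine": "worker.exe --threads 4",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Assumed argument shapes (XMRig-style); adjust to what your telemetry shows.
THREADS_RE = re.compile(r"cpu-max-threads[\w-]*[=\s]+(\d+)", re.I)
POOL_RE = re.compile(r"(?:^|\s)(?:-o|--url)[=\s]+\S+:\d+", re.I)
# Heuristic allow-list of parents normally seen launching explorer.exe.
USUAL_PARENTS = {"userinit.exe", "winlogon.exe", "explorer.exe"}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return the reasons an explorer.exe creation event looks miner-related."""
    if basename(event["Image"]) != "explorer.exe":
        return []
    reasons = []
    cmd = event.get("CommandLine", "")
    match = THREADS_RE.search(cmd)
    if match:
        reasons.append(f"thread-cap argument ({match.group(1)}) on explorer.exe")
    if POOL_RE.search(cmd):
        reasons.append("host:port endpoint argument on explorer.exe")
    parent = basename(event.get("ParentImage", ""))
    if parent not in USUAL_PARENTS:
        reasons.append(f"unusual parent: {parent}")
    return reasons

def hunt(events):
    """Return (index, reasons) for every event that triage() flags."""
    return [(i, r) for i, e in enumerate(events) if (r := triage(e))]

if __name__ == "__main__":
    for idx, reasons in hunt(EVENTS):
        print(idx, reasons)
```

A legitimate explorer.exe takes no pool or thread arguments, so any hit on the first two checks deserves a memory-level look at that process.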
