Once installed, the miner connects to its pool using a hard-coded username and password, and then collects and transmits basic system data to attackers. But at the same time, the installer silently downloaded and launched the RedLine malware, which specializes in data theft, and the XMR miner on the victim’s device. Running the fake MSI Afterburner setup file (MSIAfterburnerSetup.msi) from these sites installed the real Afterburner. In other cases, the domains did not attempt to imitate the MSI brand and were likely promoted directly through private messages, forums, and social media: The researchers say that the campaign they found used various domains that could be mistaken by users for the official MSI website (besides, such resources were easier to promote using “black hat SEO”). MSI Afterburner is the most popular GPU overclocking, monitoring and fine-tuning tool that can be used by owners of almost any video card, and thanks to this, it is quite naturally used by millions of gamers around the world.Īlas, the popularity of the utility has made it a good target for cybercriminals who abuse the fame of MSI Afterburner to attack Windows users with powerful graphics cards that can be used for cryptocurrency mining. Let me remind you that we also talked that Djvu Ransomware Spreads via Discord, Carrying RedLine Stealer, and also that IS Specialists Discovered a New Version of Malware from Russian Hackers LOLI Stealer.
Over the past three months, more than 50 such fake resources have appeared on the network. According to cybersecurity specialists from Cyble, attackers distribute miners and the RedLine infostealer using download sites for the fake MSI Afterburner utility.
0 kommentar(er)
