Saturday, November 26, 2022

Hackers Exploiting MSI Afterburner to Deliver Coin Miner


Cyble Research & Intelligence Labs (CRIL) recently uncovered a phishing campaign used by threat actors to deliver cryptocurrency miner software by abusing utility software tools.

This particular campaign exploited the well-known MSI Afterburner, used widely by gamers and other high-performance computing users. It is one of the better-known graphics card utilities, used to monitor system performance, let users modify hardware settings to boost the system's performance, and overclock the best graphics cards on the market.

The threat actors employ various methods to distribute the malware, including emails, online advertisements, forums, and other mediums. In the last three months, Cyble has identified roughly 50 phishing websites, all targeting MSI Afterburner to deliver malware.

Figure: One of the phishing websites (Image: Cyble)

The threat actors who created these websites made sure to design sophisticated phishing pages that mimicked the legitimate MSI Afterburner sites to lure users into downloading coin-miner malware that carried out the crypto-mining process.

However, fraudulent websites can be spotted by looking at the domains. Cyble has identified some of the fake domains, such as (MSI-afterburner-download.site), (msi-afterburner.download) and (mslafterburners dot com). Some are already offline, but more are likely to show up.
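The domain check described above can be automated for proxy or DNS logs. The following is an added example, not Cyble's code: it flags hostnames that carry the product's brand words but are not on an allowlist. The allowlist entry msi.com and the .example hosts are assumptions constructed for the demonstration.

```python
import re

# Assumption: allowlist of the vendor's real domains (not given in the article).
OFFICIAL_DOMAINS = {"msi.com"}
BRAND_TOKENS = ("msi", "afterburner")
# Characters commonly swapped in to imitate another letter (l for i, 0 for o).
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})

def normalize_host(raw):
    """Lower-case, undo 'dot' / [.] defanging, drop scheme, path and port."""
    host = raw.strip().lower()
    host = re.sub(r"\s+dot\s+|\[\.\]|\(\.\)", ".", host)
    host = re.sub(r"^[a-z]+://", "", host)
    host = host.split("/")[0].split(":")[0]
    return host.strip(".")

def is_official(host):
    """True only for an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def skeleton(text):
    """Remove separators and fold confusable characters, to compare by looks."""
    return re.sub(r"[^a-z0-9]", "", text).translate(CONFUSABLES)

def is_lookalike(raw):
    """Flag a host that shows every brand token but is not an official domain."""
    host = normalize_host(raw)
    if is_official(host):
        return False
    skel = skeleton(host)
    return all(skeleton(token) in skel for token in BRAND_TOKENS)

# Fake domains named in the article, followed by constructed control cases.
SAMPLE = [
    "MSI-afterburner-download.site",
    "msi-afterburner.download",
    "mslafterburners dot com",
    "msi.com.afterburner-setup.example",        # official name used as a subdomain
    "https://www.msi.com/Landing/afterburner",  # allowlisted host, must pass
    "afterburner-fans.example",                 # only one brand token, must pass
]

def flag_lookalikes(candidates):
    return [c for c in candidates if is_lookalike(c)]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE):
        print("suspicious:", hit)
```

Matching on the folded form is what catches "msl" standing in for "msi"; a plain substring search for the brand name would miss it.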

The malware payload is delivered bundled with legitimate MSI Afterburner installers and, after installation, it begins the process of hijacking the victim's computer, gathering sensitive information such as computer name, username, GPU, CPU, and other details from the system. The technical details are explained in Cyble's analysis report.

Figure: Infection chain

Crypto mining requires dedicated hardware like GPUs because it is a power- and resource-intensive activity. By hijacking the processing power of the victim's machine, the threat actors can mine cryptocurrencies without the victim's consent. This severely decreases the victim's overall system performance and drains their system resources, significantly affecting the productivity of the victim user or organization.

There are quite a few measures that users can take to ensure that their machine does not become a victim of such a phishing campaign. It is advised that you check your system performance and CPU usage periodically, avoid downloading pirated software from Warez/Torrent sites, and rely on official websites only.

Moreover, turn on the automatic software update feature on your devices, use a reputable antivirus, refrain from opening untrusted links and email attachments, and monitor endpoints and servers for unexpected spikes in CPU and RAM usage that could reveal a potential malware infection.
