Cyble researchers discover that corrupted MSI Afterburner software packages found on unofficial websites are rife with malware
Most of us are guilty of this. You get a new graphics card, processor, or device for your PC, and you need to download software. Most of the time, you would go to the company’s official website to download the required software, but sometimes you search on Google for the file, click the first link that pops up, and click “Install.” The next thing you know, your antivirus software is either going crazy or ignoring the situation, and your computer is infected.

This scenario happens more often than the everyday user realizes. The researchers at Cyble located websites that appear to be an official part of MSI’s Afterburner website or a mirror of the company’s software download page. In the blink of an eye, the malware is injected into your PC. Suddenly, you are divulging important information about bank records and other critical data, or your system is being used remotely for data or crypto mining.

Several different situations could happen, but with MSI Afterburner, those are the few significant issues that have arisen. The malware mines Monero (XMR), allowing its operator to mine crypto remotely from another location. Cyble found that the hacker can create a custom Afterburner install package that locates the Monero XMR install file somewhere on the web, attaches itself to the Windows Explorer executable file (explorer.exe), and installs the malware onto the system.

The best action for any user is to stick with the primary manufacturer’s website and each company’s official download pages. Never resort to an internet search for the file unless you know where the file is coming from and what location you are downloading from (i.e., a trusted source you have used in the past).

News Sources: TechPowerUP, Hot Hardware, Cyble