Fake MSI Afterburner Sites Inject Coin-Miner Into Software installer

Published by


We post this information so clearly on our download pages; the only two official places to download MSI AfterBurner from are Guru3D.com and MSI.com

As it seems there are fake builds of MSI AfterBurner available on the web. As many as 50 fake websites are now delivering an infected version. It installs MSI afterburner and also injects extra code. 

Cyble Intelligence and Research Lab (CRIL) recently discovered a phishing campaign using phoney MSI Afterburner software to infect gamers with bitcoin miners and information stealers. Over the last three months, the company has detected approximately 50 bogus websites. The phishing sites are identical to MSI's official Afterburner download page. The domain names can be used to detect fraud. Some of the phoney domains have been spotted by Cyble, including msi-afterburner-download.site, msi-afterburner.download, and mslafterburners.com. Some are already offline, but others will undoubtedly join them. The malware infects the victim's machine with an XMR miner that connects to a mining pool in the background to harvest Monero. Meanwhile, the malware steals critical information such as the hijacked user's machine name, login, and other data.

If you have a new graphics card or need to reinstall MSI Afterburner, make sure you download it through MSI's website or at Guru3D.com (we are the creators of this software) rather than a third-party distributor. 

When using Google, carefully examine the website's URL before clicking. Use common sense and never ever download software from another party, even if you consider them trusted, as they could be unknowingly distributing malware.

Fake MSI Afterburner Sites Inject Coin-Miner Into Software installer

Share this content
Twitter Facebook Reddit WhatsApp Email Print