MSI Afterburner is a tool that lets users configure overclocking, record video, create fan profiles, and monitor the utilization of their installed graphics card and CPU.

The app's graphics customization features are versatile and work with almost any graphics card, which makes it usable by millions of users around the world who modify its settings to suit their needs, such as attaining lower temperatures or improving game performance.

Windows 10 is a powerful operating system, but it is also a popular target for attackers who look to take advantage of its power users or of gamers who use powerful GPUs for cryptocurrency mining.

This is a worrying trend, as it suggests that the official MSI Afterburner website is not doing enough to protect users from information-stealing malware. More websites should be created which mimic the official MSI Afterburner website in order to help users stay safe.

The AXLocker ransomware group stole the Discord accounts of infected users, according to a report. The ransomware, known as AXLocker, encrypts user data and demands a ransom to release it; if the ransom is not paid, the data can be lost forever.

The campaign used near-identical domain names to deceive users into believing they were on the legitimate MSI Afterburner website, which makes the sites easier to promote using black-hat SEO. These are some of the domains identified by Cyble:

MSI Afterburner Download.site

In other cases, the domains did not use the MSI brand and were possibly promoted through messages, social media posts, and forums.

Git.git.skblxin.matrizauto.net

When the fake MSI Afterburner setup file (MSIAfterburnerSetup.msi) is executed, the legitimate software is not installed. Instead, the installer silently drops and runs the RedLine information-stealing malware and an XMR miner on the infected device.

The XMR miner is then installed through a 64-bit Python executable named “browser_assistant.exe” in the Local Program Files directory, which injects shellcode into the process created by the installer.

The shellcode downloads the XMR miner from GitHub and injects it into the memory of the explorer.exe process. Because the XMR miner never touches the disk, there is little chance of it being detected by security products. The miner then connects to a mining pool using a hardcoded username and password. This information is then passed to the threat actor.
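The drop-download-inject chain described above can be spotted by correlating process, network and remote-thread telemetry. The following is an added detection example, not code from the article or from Cyble's report; the Sysmon-style event shape, the user-profile path and the destination hostnames in the sample are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Event:
    event_id: int        # Sysmon-style: 1 = ProcessCreate, 3 = NetworkConnect, 8 = CreateRemoteThread
    image: str           # full path of the acting process
    target: str = ""     # event 8: target image path; event 3: destination hostname

USER_PROFILE_MARK = "\\appdata\\local\\"   # dropped miner loader lives under the user's Local programs dir
INJECTION_TARGETS = {"explorer.exe"}       # process the article reports the miner is injected into

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return (rule, detail) alerts; each rule mirrors one step of the chain in the article."""
    alerts = []
    dropped = set()    # binaries executed from the user profile directory
    injected = set()   # processes that received a remote thread from a dropped binary
    for e in events:
        name = basename(e.image)
        if e.event_id == 1 and USER_PROFILE_MARK in e.image.lower():
            dropped.add(name)
            alerts.append(("exec-from-user-profile", name))
        elif e.event_id == 3 and name in dropped:
            # the dropped loader reaching out (the article: shellcode fetches the miner from GitHub)
            alerts.append(("dropped-binary-download", f"{name} -> {e.target}"))
        elif e.event_id == 8 and name in dropped and basename(e.target) in INJECTION_TARGETS:
            injected.add(basename(e.target))
            alerts.append(("remote-thread-into-explorer", f"{name} -> {basename(e.target)}"))
        elif e.event_id == 3 and name in injected:
            # explorer.exe talking to a pool only becomes interesting after it was injected into
            alerts.append(("post-injection-network", f"{name} -> {e.target}"))
    return alerts

# Constructed sample telemetry (hypothetical paths and hosts, not real IoCs).
SAMPLE = [
    Event(1, r"C:\Windows\System32\msiexec.exe"),
    Event(1, r"C:\Users\victim\AppData\Local\Programs\browser_assistant.exe"),
    Event(3, r"C:\Users\victim\AppData\Local\Programs\browser_assistant.exe", "github.com"),
    Event(8, r"C:\Users\victim\AppData\Local\Programs\browser_assistant.exe", r"C:\Windows\explorer.exe"),
    Event(3, r"C:\Windows\explorer.exe", "pool.example.invalid"),
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE):
        print(f"[{rule}] {detail}")
```

Run on real Sysmon exports the user-profile check will also fire on legitimate per-user installers, so the value is in the correlation: the same binary seen in all three later rules is the signal.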

This holiday season, be sure to stay safe by using a phishing email kit to protect yourself from potential threats. This kit includes tips on how to identify and avoid phishing emails, as well as how to respond if you are contacted by someone pretending to be from your company or government.

The XMR miner is configured to start mining only after an hour, which indicates that the compromised PC is not being used for any resource-hungry task and has possibly been left unattended.

The miner also uses a cinit-stealth-targets function that pauses mining and clears the GPU memory when a program listed under “stealth targets” is launched. These are likely programs that could help the victim identify malicious processes, such as antivirus, hardware resource viewers, and more.

In this scenario, the Windows applications the miner tries to hide from are taskmgr.exe, procexp.exe, ProcessHacker.exe, perfmon.exe, and procexp64.exe. While the XMR miner silently takes control of your resources to mine Monero, RedLine has already been running in the background stealing browser data, cookies, passwords, and any cryptocurrency wallets it can find.

The MSIAfterburnerSetup.msi setup file is detected by only 3 of 56 security products, and browser_assistant.exe by only 2 of 67.

A Mirai-based RapperBot malware attack has been reported against online game servers, infiltrating the systems to launch DDoS attacks. This malicious software is capable of taking over a server and causing it to crash, leading to the theft of user data and money.