Fake, Mallware-filled, versions of MSI Afterburner are in the wild

Phishers are targeting PC gamers with overclocking software that’s filled with miners, password stealers and more

MSI Afterburner is one of the most popular GPU overclocking tools on the market, even for those who do not use MSI made graphics cards. The software is so popular that is is distributed widely across the internet, both from MSI and from 3rd parties. 

While many trusted 3rd parties distribute MSI Afterburner, many of which are tech publications, some sources of MSI Afterburner are attempting to install malware on the PCs of their visitors, infecting versions of MSI’s famed overclocking software with cryptocurrency miners, information stealing software and other unwanted or dangerous add-ons.

Cyble Research and Intelligence Lab (CRIL) have identified 50 fake websites that have distributed fake versions of MSI Afterburner over the past three months, sites that are using SEO techniques, ads, emails, and fake forum posts to lure unsuspecting users to their website through search engines. MSI Afterburner users can easily avoid these fake versions of MSI’s software by downloading their software directly from MSI’s own website. 

Malware infected versions of MSI Afterburner are known to install XMR miners on the PCs of users, stealing their PC’s resources to mine cryptocurrencies. Simultaneously, these illegitimate versions of MSI Afterburner are using tools to steal the sensitive information of users, such as their username, passwords, name, and other data. 

As mentioned before, PC users can easily avoid infected versions of MSI Afterburner by downloading the tool through MSI’s website. 

You can join the discussion on fake versions MSI Afterburner being used to distribute malware on the OC3D Forums.