TECH NEWS – One of the most commonly used programs (used to adjust the fan speed of your video card, for example) can be harmful if you’re not careful.
MSI Afterburner is good for lowering the clock speed of your GPU (so it doesn’t overheat despite faulty fans – speaking from experience…) or even cranking it up. However, the non-factory (bootleg, so to speak) version of the program can install unwanted extras on your PC, according to Cyble (https://blog.cyble.com/2022/11/23/fake-msi-afterburner-sites-delivering-coin-miner/), a cybersecurity company. Afterburner installers not directly from the MSI site can be corrupted, so you can get a lot of malware on top of what you expect.
After setting up a new PC, it can be common to poke the first hit in Google search and download drivers for the processor or graphics card, and if you’re not careful, your anti-virus software can quickly alert you. It is a common occurrence, according to Cyble. The site has come across several copies of MSI’s Afterburner page, so it’s easy for unauthorized hands to get hold of your bank details or for your PC to start mining crypto. None of it sounds good, but malware is dangerous for several reasons.
The malware uses Monero XMR, so its users can remotely mine crypto. According to Cyble, the hacker can create a custom Afterburner installation package that finds the Monero XMR installer on the web, attaches itself to your Windows browser (explorer.exe), and installs the malware from there. For this reason, it is recommended that you download what you need directly from the manufacturers’ websites (Intel, AMD, Nvidia…) instead of using Google search, as these do not give you a “bonus.”
The first picture below shows the difference between the fake and the actual Afterburner download page (the font and the install button are slightly different). The second picture highlights that all the pages marked as Ad in Google search are fake and not reliable, and it is a bit sad that the actual MSI page is the fifth result when it should be the first. (It does not reflect well on Google if you think about it…)