Popular overclocking software MSI Afterburner It is one of the most used programs in the world for monitoring video cards and improving performance. And maybe that’s why malicious hackers targeted it to infect unsuspecting users’ computers with malware.
Anyone looking for MSI Afterburner is usually more computer accustomed and not deceived by any malware scams. However, as reported by cybersecurity company Cyble, this trick can catch even veterans off guard as hackers have copied MSI’s official website.
As you can see in the image above, when comparing the two pages, the malware site did everything to look as close to the real thing as possible. The download actually installs MSI Afterburner, but comes with Monero XMR malware to extract hidden cryptocurrencies using your PC’s performance. The diagram below shows the sequence of infection events:
To add insult to injury, malicious sites are already leveraging a widely criticized Google feature – the search app shows that ads look like results before the real thing. Cyble shows this in another screenshot:
The first four results are not official MSI website. As we know, the warning that this is an ad is not the biggest one, and a distracted person might click on one of them, thinking it’s official. If the page that opens is a copy of the real page, it will be very difficult for the person to realize that they have clicked on the wrong page.
In addition to making sure you only download from official or trusted sources, our advice is to always keep your antivirus and computer protection software up to date. Most would detect malware like this.
Source: Tec Mundo
