
Malware detected impersonating MSI Afterburner to steal cryptocurrency wallets

PC enthusiasts love MSI's Afterburner utility, and it's easy to see why. The free GPU monitoring software can be used for everything from overclocking to checking your graphics card temperature to capturing gameplay footage, and it works with every Nvidia GeForce and AMD Radeon graphics card, a flexibility unmatched by most rivals. However, crackers have now recognized Afterburner's potential as a lure for tricking people into downloading malware, MSI warns.

It appears that certain malicious users have developed a copy of the MSI Afterburner download website under the fake domain "afterburner-msi.space" in an attempt to trick users into downloading software that could contain all kinds of malware. In fact, upon visiting the site — if you dismiss the browser warnings — you can observe an unusually high resource load that is already cause for suspicion.

The malware contained in the downloads is a new variant of the Redline InfoStealer, responsible for stealing cryptocurrency wallets such as Ethereum, Electrum, or Exodus. Additionally, it allows the attacker to execute remote tasks and steal VPN network credentials.

This morning, the company published an announcement:

"MSI is informing the general public of a malicious software program that is disguising itself as the official MSI Afterburner software program. The malicious software program is being illegally hosted on a suspicious website impersonating the official MSI website at the domain https://afterburner-msi.space. MSI has no relationship with this website or the aforementioned domain.

The fraudulent website mimics the official look and design of the MSI web page, and offers downloads for MSI Afterburner. This website is hosting an internet software program that may include viruses, trojans, keyloggers, or different types of trojan horses disguised to appear as MSI Afterburner. DO NOT DOWNLOAD ANY SOFTWARE FROM THIS WEBSITE."

Pay close attention to the warning. If you have already downloaded the fake version of Afterburner, you should definitely clean your system and run full scans with your security software.

MSI is already taking action on the matter

MSI says that "Mandatory actions to remove the malicious impersonator website are underway," and the perpetrator already appears to be offline. Nevertheless, this serves as a reminder that it is best to obtain software only from official sources.

You can download the official, malware-free version of Afterburner from the MSI website. And in case you need help protecting your PC, one of the best antivirus software programs is Windows Defender, which you can run at no cost on your Windows machine to check for any traces of malware on your system.
