Shulou(Shulou.com)11/24 Report--

CTOnews.com According to the latest report released by security company Cyble, at least 50 security incidents have occurred in the past three months after players visited the official website of fake MSI Afterburner, their information was stolen and personal devices were used for mining.

CTOnews.com understands that these phishing sites include, but are not limited to, the following domain names:

msi-afterburner--download.site

msi-afterburner-download.site

msi-afterburner-download.tech

msi-afterburner-download.online

msi-afterburner-download.store

msi-afterburner-download.ru

msi-afterburner.download

mslafterburners.com

msi-afterburnerr.com

In some cases, the domain names used by hackers are not branded like MSI, and are likely promoted through direct messages, forums and social media posts. Examples include:

git[.] git[.] skblxin[.] matrizauto[.] net

git[.] git[.] git[.] skblxin[.] matrizauto[.] net

git[.] git[.] git[.] git[.] skblxin[.] matrizauto[.] net

git[.] git[.] git[.] git[.] git[.] skblxin[.] matrizauto[.] net

Once users visit these phishing sites and download the MSI Afterburner installation file (MSIAfterburnerSetup.msi), RedLine information stealing malware and XMR mining programs will be quietly dropped and run during the installation process.

Mining is installed via a 64-bit Python executable named "browser_assistant.exe" in the local Program Files directory, which injects shell code into the process created by the installer. One of the parameters used by XMR miners is that CPU Max threads is set to 20, higher than most modern CPU threads, so it is set to capture all available power.

Legal MSI Afterburner can be downloaded directly from MSI at www.msi.com/Landing/afterburner/graphics-cards.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.