Thieves introduce a malicious version of MSI Afterburner in a campaign spanning over 50 sites, aimed at stealing data and cryptocurrency from gamers
November 24, 2022 – 17:10 (updated at 6:43 p.m.)
Scammers are using a fake version of the MSI Afterburner overclocking utility to steal data and cryptocurrency. The wave of attacks naturally targets PC gamers: the malicious campaign spans 50 websites that imitate the look of the genuine domains in order to induce downloads of the trojanized version of the software.
Black-hat SEO techniques are also used to push these pages into search results for the legitimate software. The campaign is further helped by the fact that the installer does deliver a working MSI Afterburner to the computer, along with RedLine, an information stealer, and a miner for the Monero (XMR) cryptocurrency.
The malware runs on the victim's computer as a process named “browser_assistant”, which starts every time Windows is restarted. The program downloads the miner from a GitHub repository and injects it directly into memory, reducing the chance of detection and removal.
The malware has also drawn attention for other stealth features: it detects certain software, such as security tools and resource-heavy applications, and immediately suspends its activity when they are present, and it follows a schedule in which mining only starts after 60 minutes of user inactivity. This increases the chance that the user will not notice what is happening, since malware of this type consumes a lot of the device's resources and the user would otherwise easily notice that something is wrong.
Meanwhile, RedLine Stealer performs its usual task of scanning the browsers installed on the computer for saved credit card details and passwords. However, the campaign's focus appears to be the cryptocurrency miner, given its advanced capabilities for hiding from detection, whether by security software or by the user.
How to avoid downloading fake and dangerous apps
The main recommendation for users is to be careful when downloading and running applications. Ideally, pay attention to the sites and domains you visit and avoid downloading software from anywhere other than the official channels of the companies that develop it; pay extra attention to URLs that look similar to, but are not exactly the same as, the legitimate ones.
Prefer recognized app stores or the official channels for finding software, especially when it comes to well-known devices or companies. Also be careful when downloading pirated or cracked games, applications or other resources, as well as download links received via social networks or instant messengers.
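The advice above on lookalike URLs, as an added example that is not part of the original article: a small Python check that classifies a download link as the vendor's own domain, a lookalike, or unrelated. The official host set and the heuristics are assumptions for illustration; msi.com is the vendor's real domain, while the `.example` hosts in the tests are constructed.

```python
"""Lookalike-domain check for download links (added example, not the article's code).

Assumptions: OFFICIAL_HOSTS is the vendor's genuine download host list (extend it for
your own allow-list); .example hosts used with this code are constructed samples.
"""
import re
from urllib.parse import urlsplit

OFFICIAL_HOSTS = {"msi.com", "www.msi.com"}  # assumption: vendor's real hosts

def registrable_domain(host: str) -> str:
    """Naive eTLD+1: last two labels. Enough for .com-style hosts; not a Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url: str, official_hosts=OFFICIAL_HOSTS) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a download URL."""
    if "://" not in url:           # bare hostnames pasted from chat: treat as https
        url = "https://" + url
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unrelated"
    official_domains = {registrable_domain(h) for h in official_hosts}
    domain = registrable_domain(host)
    # Genuine only when the registrable domain itself is allow-listed; a host such as
    # msi.com.download.example merely embeds the brand and is NOT official.
    if domain in official_domains:
        return "official"
    tokens = re.split(r"[.\-_]", host)
    for od in official_domains:
        brand = od.split(".")[0]                       # "msi"
        # Brand embedded as a label prefix: msi.com.evil.example, msi-afterburner.example
        if any(tok.startswith(brand) for tok in tokens):
            return "lookalike"
        # Small edit distance on the registrable domain: rnsi.com, msl.com (heuristic,
        # so short brands can produce false positives; tune the threshold per vendor)
        if edit_distance(domain, od) <= 2:
            return "lookalike"
    return "unrelated"
```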
Source: Cyble