That is, the malware is configured to capture all the available power of the infected machine.Īt the same time, the malware starts mining cryptocurrency only 60 minutes after the processor goes into standby mode, that is, it makes sure that the infected computer does not perform any resource-intensive tasks and, most likely, was left unattended. ![]() In this case, the value of CPU max threads is set to 20, exceeding the number of threads even for the most modern processors. Once installed, the miner connects to its pool using a hard-coded username and password, and then collects and transmits basic system data to attackers. But at the same time, the installer silently downloaded and launched the RedLine malware, which specializes in data theft, and the XMR miner on the victim’s device. Running the fake MSI Afterburner setup file (MSIAfterburnerSetup.msi) from these sites installed the real Afterburner. In other cases, the domains did not attempt to imitate the MSI brand and were likely promoted directly through private messages, forums, and social media: The researchers say that the campaign they found used various domains that could be mistaken by users for the official MSI website (besides, such resources were easier to promote using “black hat SEO”). MSI Afterburner is the most popular GPU overclocking, monitoring and fine-tuning tool that can be used by owners of almost any video card, and thanks to this, it is quite naturally used by millions of gamers around the world.Īlas, the popularity of the utility has made it a good target for cybercriminals who abuse the fame of MSI Afterburner to attack Windows users with powerful graphics cards that can be used for cryptocurrency mining. Let me remind you that we also talked that Djvu Ransomware Spreads via Discord, Carrying RedLine Stealer, and also that IS Specialists Discovered a New Version of Malware from Russian Hackers LOLI Stealer. ![]() Over the past three months, more than 50 such fake resources have appeared on the network. According to cybersecurity specialists from Cyble, attackers distribute miners and the RedLine infostealer using download sites for the fake MSI Afterburner utility.
0 Comments
Leave a Reply. |