Advanced PC users who like to tweak how their GPU performs become targets of malware (opens in new tab)say researchers.
A number of websites have been detected promoting a rogue version of MSI Afterburner, which instead installs cryptocurrency miners and infostealers on affected endpoints (opens in new tab).
MSI Afterburner is a program that allows users to customize how their graphics cards behave, allowing users to adjust overclocking, monitor the temperature of the card, and many other tasks. Although built by PC maker MSI, it works with almost any graphics card, quickly making it a star in the gaming and PC user communities – but now it seems to have become a target for criminals as well.
Mining cryptos with GPUs
Cyble cybersecurity researchers say they’ve discovered more than 50 websites posing as the official MSI Afterburner site in the past three months.
The sites often push cryptocurrency miners for Monero and an information-stealing trojan called RedLine Stealer. Most of the discovered domains are typosquatted, it added, but there were also some that had nothing to do with MSI at all.
High quality graphics cards are an important tool for cryptocurrency miners as it allows them to generate the valuable tokens more efficiently. That’s why the prices of flagship GPU models have risen steadily in recent years, while the supply of the cards has been all but exhausted. It is also why it makes sense to target MSI Afterburner with a cryptocurrency miner.
Ever since Ethereum (the world’s second largest blockchain network by market capitalization, second only to Bitcoin) moved from proof-of-work (mining) to proof-of-stake (staking), the popularity of mining has declined . The rising cost of electricity and the bear market cryptocurrencies currently being experienced (bitcoin fell from $69,000 last November to around $16,000 in November) have all played their part.
But to cybercriminals who would hijack other people’s endpoints for mining, the price swings of the tokens mean very little.
Via: Bleeping Computer (opens in new tab)