Beware of fake MSI Afterburner overclocking tools!

Breaking news: according to a report released by the security company "Cyble", fake versions of MSI's graphics card overclocking tool "MSI Afterburner" are circulating.

Over the past three months, approximately 50 phishing sites targeting MSI Afterburner have been identified, delivering malware to users' machines.

Users who install the fake "MSI Afterburner" from a phishing site are infected with information-stealing malware and coin-mining malware.

The malware collects sensitive information from the victim's system, such as computer name, username, GPU, and CPU, and sends it to an API on a server URL.

Malicious actors use your computer to mine cryptocurrency.

To put it simply, in this example, the web page the user opened was a fake page created by a malicious actor who tricked the user into downloading a fake overclocking tool called MSI Afterburner, which looked exactly like the real thing.

When users install the fake "MSI Afterburner," they are infected with malware, and malicious actors use "MSI Afterburner" to steal computer information in the background and make money from the user's computer.

Our Recommendations

  • Users are advised to regularly check their system performance and CPU usage.
  • Companies should prevent users from downloading pirated software from Warez/Torrent websites. "Hack tools" found on sites such as YouTube and torrent sites contain such malware.
  • Organizations' information security policies/acceptable use policies should be updated to explicitly prohibit the downloading and installation of crypto mining software on end-user systems.
  • Users must turn on the automatic software update feature on their computers, mobile and other connected devices.
  • We recommend using a reputable anti-virus and internet security software package on connected devices such as PCs, laptops and mobile devices.
  • As part of ongoing security awareness and training, users should be educated to never open untrusted links or email attachments without first verifying their authenticity.
  • Educate your employees on how to protect themselves from threats such as phishing attacks and untrusted URLs.
  • Block URLs that may be used to spread malware, such as Torrent/Warez.
  • Endpoints and servers should be monitored for unexpected spikes in CPU and RAM usage that may indicate a potential malware infection.
From https://blog.cyble.com/2022/11/23/fake-msi-afterburner-sites-delivering-coin-miner/ (via Google Translate)

The overclocking tool "MSI Afterburner" can be downloaded from here (official site URL).

https://www.msi.com/Landing/afterburner/graphics-cards (English)

https://jp.msi.com/Landing/afterburner/graphics-cards (Japanese)
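
Before downloading, a link can be checked against the two official hosts listed above. The following Python sketch is an added example, not code from the original article, Cyble, or MSI; the function names, the https-only rule, and the sample links (which use the reserved .example domain) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hosts taken from the two official download URLs listed in this article.
OFFICIAL_HOSTS = {"www.msi.com", "jp.msi.com"}


def is_official_afterburner_url(url: str) -> bool:
    """True only for an https link whose host is exactly an official host."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; userinfo and port removed
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    # "https://www.msi.com@other.example/" really connects to other.example.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Exact match: "www.msi.com.something.example" and look-alike names fail.
    return host.rstrip(".") in OFFICIAL_HOSTS


def rejected(urls):
    """Return the links that must not be used as a download source."""
    return [u for u in urls if not is_official_afterburner_url(u)]


# Constructed sample links; the non-official ones use the reserved .example TLD.
SAMPLES = [
    "https://www.msi.com/Landing/afterburner/graphics-cards",
    "https://jp.msi.com/Landing/afterburner/graphics-cards",
    "HTTPS://WWW.MSI.COM./Landing/afterburner/graphics-cards",
    "http://www.msi.com/Landing/afterburner/graphics-cards",
    "https://www.msi.com.afterburner-download.example/",
    "https://www.msi.com@downloads.example/afterburner",
    "https://msi-afterburner.example/Landing/afterburner",
    "https://www.msi.com:8443/Landing/afterburner/graphics-cards",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "official" if is_official_afterburner_url(link) else "REJECT"
        print(f"{verdict:8} {link}")
```

The check only confirms where a link points; it says nothing about a file that has already been downloaded from somewhere else.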

To avoid malware infection

  • Always use solid security software and keep its virus definition files up to date.
  • Running an unsupported operating system significantly increases your chances of being infected with malware or a virus.
  • Keep your system up to date with Windows Update.
  • Do not download directly from any source other than the official site.
  • Before installing any software, get into the habit of backing up your data using System Restore or similar methods.

When infected with this malware, illegal mining occurs in the background.

If illegal mining occurs, your computer will run extremely slowly (in the worst case scenario, your CPU will overheat and break).

If you think something is wrong, check the currently running programs in Task Manager.

If illegal mining is taking place, security will be weakened and there will be a risk of infection with another virus.

We recommend that you regularly scan your entire computer with security software.

Cybercrime is on the rise, so both individuals and businesses need to be vigilant in managing their businesses.
