A fake version of the overclocking utility MSI Afterburner is being used by criminals to steal data and cryptocurrency. The targets of this wave of attacks are, naturally, PC gamers; the campaign operates around 50 sites that mimic the look of the official domains in order to lure victims into downloading the trojanized version of the software.

Malicious SEO techniques are also used to push these pages up the rankings, so that they can appear among search results for the legitimate software. The campaign is further helped by the fact that the installer really does install MSI Afterburner on the computer, alongside RedLine, an information stealer, and a miner for the Monero cryptocurrency (XMR).

The malicious software runs on the PC as a process called ‘browser_assistant’ that is started every time Windows boots. What caught the attention of the Cyble researchers who issued the alert is that the miner itself is not stored on disk: on each run, the software downloads it from a GitHub repository and injects it directly into memory, which reduces the chance of detection and removal.

The malware also stands out for other evasion features: it watches for certain software, such as security tools and resource-heavy applications, and immediately halts its own mining when they are found, and it only begins mining after the machine has been idle for 60 minutes. This makes it far less likely that the user notices anything, since miners of this kind consume most of the machine’s resources and would otherwise be quickly spotted.

Meanwhile, the well-known RedLine Stealer does its usual job, scanning the browsers installed on the PC for saved credit card details and passwords. The focus of the campaign, however, seems to be the cryptocurrency miner, given its relatively advanced capabilities for evading detection by both security software and the user.
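As an added example (not code from the original article or from Cyble), the following Python script turns the behaviours described above into a simple hunting rule over endpoint telemetry: the ‘browser_assistant’ process name, an autorun entry, a fetch from GitHub, and CPU usage that is high only while the user is idle. Any single indicator is weak on its own (legitimate software also talks to GitHub), so a process is reported only when several coincide. The event format, the GitHub host list and the sample records are assumptions constructed for the example; the article gives no logs, registry keys or repository names.

```python
import json
from collections import defaultdict

# Constructed sample telemetry for this example, not real logs from the
# campaign: one JSON record per line, loosely modelled on endpoint
# process, registry, network and CPU-sampling events.
SAMPLE_EVENTS = r"""
{"host":"pc-01","event":"process_start","pid":4120,"image":"C:\\Users\\gamer\\AppData\\Roaming\\browser_assistant.exe"}
{"host":"pc-01","event":"autorun_set","pid":4120,"value":"browser_assistant"}
{"host":"pc-01","event":"net_connect","pid":4120,"dest_host":"raw.githubusercontent.com","dest_port":443}
{"host":"pc-01","event":"cpu_sample","pid":4120,"cpu_pct":1.5,"user_idle":false}
{"host":"pc-01","event":"cpu_sample","pid":4120,"cpu_pct":92.0,"user_idle":true}
{"host":"pc-01","event":"cpu_sample","pid":4120,"cpu_pct":95.0,"user_idle":true}
{"host":"pc-02","event":"process_start","pid":880,"image":"C:\\Program Files (x86)\\MSI Afterburner\\MSIAfterburner.exe"}
{"host":"pc-02","event":"net_connect","pid":880,"dest_host":"api.github.com","dest_port":443}
{"host":"pc-02","event":"cpu_sample","pid":880,"cpu_pct":3.0,"user_idle":false}
{"host":"pc-02","event":"cpu_sample","pid":880,"cpu_pct":2.0,"user_idle":true}
"""

# Assumed list of hosts a GitHub-hosted payload would be fetched from.
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com",
                "api.github.com", "objects.githubusercontent.com"}
# Process name reported in the Cyble alert.
SUSPECT_NAME = "browser_assistant"


def _basename(image: str) -> str:
    """Lowercase file name of a Windows image path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def hunt(event_lines: str, min_indicators: int = 3) -> dict:
    """Group events per (host, pid) and return the sorted indicator names of
    every process that matches at least min_indicators of the behaviours."""
    indicators = defaultdict(set)
    cpu = defaultdict(lambda: {"idle": [], "active": []})
    for line in event_lines.strip().splitlines():
        ev = json.loads(line)
        key = (ev["host"], ev["pid"])
        kind = ev["event"]
        if kind == "process_start" and _basename(ev["image"]).startswith(SUSPECT_NAME):
            indicators[key].add("named_process")
        elif kind == "autorun_set":
            indicators[key].add("persistence")
        elif kind == "net_connect" and ev["dest_host"].lower() in GITHUB_HOSTS:
            indicators[key].add("github_fetch")
        elif kind == "cpu_sample":
            cpu[key]["idle" if ev["user_idle"] else "active"].append(ev["cpu_pct"])
    # Mining gated on user inactivity shows up as a process that is busy only
    # while the user is idle and near-silent while the user is active.
    for key, samples in cpu.items():
        idle, active = samples["idle"], samples["active"]
        if idle and active and min(idle) >= 50 and max(active) <= 5:
            indicators[key].add("idle_only_cpu")
    return {key: sorted(names) for key, names in indicators.items()
            if len(names) >= min_indicators}


if __name__ == "__main__":
    for (host, pid), names in hunt(SAMPLE_EVENTS).items():
        print(f"{host} pid {pid}: {', '.join(names)}")
```

In the sample data only pc-01 is reported; the genuine Afterburner process on pc-02 also contacts GitHub, but with no other indicator it stays below the threshold. Because the downloaded miner never touches disk, a file-based scan of the GitHub download would find nothing; the persistence entry and the idle-only CPU pattern are the durable signals here.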

How to avoid downloading fake and dangerous apps

The main recommendation for users is to be careful when downloading and running applications. Pay attention to the websites and domains you visit, and avoid downloading software from anywhere other than the official channels of the company that develops it. Extra attention should be paid to URLs that look similar to, but are not quite the same as, the legitimate ones.

Prefer recognized application stores or the vendor’s official channels when looking for software, especially software tied to well-known hardware or companies. Special care should also be taken with pirated or cracked games, applications and other content, and with download links received via social networks or instant messengers.
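The advice above, checking that a download URL really belongs to the vendor rather than to a similar-looking domain, can be partly automated. The following Python snippet is an added example (not from the article or from MSI or Cyble): it extracts the host from a URL, reduces it to its registrable domain, and classifies it as official, lookalike or unrelated. The official domain (msi.com), the brand tokens and the confusable-character table are assumptions made for the example; the article does not list the 50 impostor sites.

```python
from urllib.parse import urlparse

# Assumed for this example: the vendor's official registrable domain and the
# brand tokens an impostor site is likely to reuse. Neither comes from the article.
OFFICIAL_DOMAINS = {"msi.com"}
BRAND_TOKENS = ("msi", "afterburner")
# Visually confusable sequences often used in lookalike names (illustrative list).
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}


def hostname(url: str) -> str:
    """Lowercase host of a URL or bare domain. The path is ignored on purpose:
    a legitimate-looking file name in the path proves nothing about the site."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return host.lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels, e.g. 'www.msi.com' -> 'msi.com'. A simple heuristic
    that does not handle multi-part public suffixes such as co.uk."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def skeleton(name: str) -> str:
    """Collapse confusable sequences so that 'rnsi' compares equal to 'msi'."""
    for bad, good in CONFUSABLES.items():
        name = name.replace(bad, good)
    return name


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character variants of the brand label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """'official' only when the registrable domain is allowlisted; 'lookalike'
    when the host borrows the brand name, a confusable spelling or a one-edit
    variant of it; otherwise 'unrelated'."""
    host = hostname(url)
    if registrable_domain(host) in OFFICIAL_DOMAINS:
        return "official"
    # Brand tokens are checked against the whole host, so that a subdomain
    # trick such as msi.com.<attacker-domain> is still caught.
    if any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"
    label = registrable_domain(host).split(".")[0]
    for official in OFFICIAL_DOMAINS:
        olabel = skeleton(official.split(".")[0])
        if skeleton(label) == olabel or levenshtein(skeleton(label), olabel) <= 1:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for candidate in ("https://www.msi.com/Landing/afterburner",
                      "https://msi.com.afterburner-download.net/setup.exe",
                      "rnsi.com", "ms1.com", "https://example.org/afterburner.exe"):
        print(f"{candidate}: {classify(candidate)}")
```

Only an exact match on the registrable domain counts as official; everything else that reuses the brand, a confusable spelling or a one-edit variant is flagged for a human to look at. With a brand label as short as "msi" the one-edit rule will also flag unrelated three-letter domains, so treat the result as a triage hint, not a verdict, and in practice replace the two-label heuristic with a public-suffix list.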

Source: Cyble