Fake MSI Afterburner and Dragon Centre, Steals Crypto Wallets!

Debaucus

https://twitter.com/ConfiantIntel/status/1389935490430906368

As detailed by ConfiantIntel on Twitter, a new malware is being spread pretending to be MSI's Afterburner software and is using Google Ads to propogate itself.

The software will install itself on the system and check for crypto wallets and empty them to cold addresses of various crypto's.

As described, it seems Discord itself is being used to host the malware. Becoming increasingly popular.

When downloading MSI Afterburner, only download from Official Sources! Not from any ad or look-alike site!

After stealing the crypto wallets the program leaves a back door in order to access the computer in future and this will likely be sold on to people who run bot nets or simply to try and harvest more data from your computer such as bank details.

"This variant was configured to steal cold Crypto Currency Wallets like Electrum, Exodus, Jaxx, etc.. VPN profiles, and it came with an new Remote Task command “cmd” allowing backdoor access and executing further commands on the hosts/hands-on keyboard attacks", CofiantIntel says.

More versions of this type of attack are likely to pop up, so be careful!

RueOx

Debaucus Just another thing to mention - never download things from sites you don't know, unless you've done your full research and understand the risks.

Heromaex

RueOx#114 Additional: files that end with .bat shozld never be downloaded from anywhere as they automatically execute. The others dont, you can check if a file / website contains malewares or anything that seems suspicious on this page (VirusTotal - Check Websites, Files and also search for them)