https://twitter.com/ConfiantIntel/status/1389935490430906368
As detailed by ConfiantIntel on Twitter, new malware is being spread that pretends to be MSI's Afterburner software and uses Google Ads to propagate itself.
The software installs itself on the system, checks for crypto wallets, and empties them to cold addresses for various cryptocurrencies.
As described, it seems Discord itself is being used to host the malware, a practice that is becoming increasingly popular.
When downloading MSI Afterburner, only download from official sources, not from any ad or look-alike site!
After stealing the crypto wallets, the program leaves a back door so that the computer can be accessed in the future. That access will likely be sold on to people who run botnets, or simply used to try to harvest more data from your computer, such as bank details.
"This variant was configured to steal cold Crypto Currency Wallets like Electrum, Exodus, Jaxx, etc., VPN profiles, and it came with a new Remote Task command “cmd” allowing backdoor access and executing further commands on the hosts/hands-on keyboard attacks", ConfiantIntel says.
More versions of this type of attack are likely to pop up, so be careful!