Hackers Used Fake GPU Overclocking Software to Push Malware

Graphics card maker MSI says someone is impersonating its website and Afterburner software to hack gamers.
May 13, 2021, 2:09pm
msi-gamers
Image: Daniel Pier/NurPhoto via Getty Images
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

Computer hardware maker MSI is warning gamers not to visit a website that's impersonating the brand and its graphics card overclocking software, Afterburner, to push malware.

On Thursday, MSI published a press release warning of "a malicious software being disguised as the official MSI Afterburner."

Advertisement

"The malicious software is being unlawfully hosted on a suspicious website impersonating as MSI’s official website with the domain name https://afterburner-msi[.]space," the company wrote. "MSI has no relation with this website or the aforementioned domain."

"This webpage is hosting software which may contain virus, trojan, keylogger, or other type of malicious program that have been disguised to look like MSI Afterburner," the company added. "DO NOT DOWNLOAD ANY SOFTWARE FROM THIS WEBSITE."

"DO NOT DOWNLOAD ANY SOFTWARE FROM THIS WEBSITE."

MSI did not immediately respond to a request for comment. 

In the release, MSI said it has taken "necessary" action against the site, hinting that it has sent a cease and desist letter based on copyright infringement, or even contacted the website's domain registrar, "to remove the malicious imposter website." 

The allegedly malicious website mimics MSI's official website and offers downloads for Afterburner, according to the company. 

At this time, the official Afterburner Software download link "is currently closed due to routine maintenance," according to MSI. So it appears hackers are trying to take advantage of this by offering users an apparent alternative way to download the software. Afterburner is software that allows users to monitor and tweak their graphic card's performance. Critically, it allows them to "overclock" cards so they can get higher (but sometimes less stable) performance. We're in the middle of a global semiconductor shortage that's making it near impossible to buy new GPUs, so many gamers might be trying to get more performance out of the cards they already own by overclocking them.

According VirusTotal, the world's largest repository of malware, no antivirus software or engine flags the impersonator website as malicious. At the time of writing, the https://afterburner-msi[.]space website appears to be down. Before it went down, Chrome displayed a warning when trying to visit it.   

Subscribe to our cybersecurity podcast, CYBER.