We've come across a dangerous variant of the MSI Afterburner installer, which is a 62.4 MB Windows MSI package. Although it appears to be a legitimate setup file, running it will infect your system with a crypto miner and an info stealer. The Malware Underneath On the surface, the installation seems normal, but it conceals a crypto miner and an info stealer. These threats can steal passwords and credentials, potentially compromising accounts such as YouTube. What Process Explorer Reveals Using Process Explorer, most processes seem fine. However, at the bottom of the list, install.exe is flagged as malicious by six detections. Suspiciously, cmd.exe and conhost.exe —typically system processes—are running with commands pointing to install.bat . These are part of the info stealer component. The Crypto Miner The malware also drops an XMRig crypto miner inside explorer.exe . Previously, this miner connected to xmr.to miners.com and used maximum CPU threads after 60 minutes
We've come across a dangerous variant of the MSI Afterburner installer, which is a 62.4 MB Windows MSI package. Although it appears to be a legitimate setup file, running it will infect your system with a crypto miner and an info stealer. The Malware Underneath On the surface, the installation seems normal, but it conceals a crypto miner and an info stealer. These threats can steal passwords and credentials, potentially compromising accounts such as YouTube. What Process Explorer Reveals Using Process Explorer, most processes seem fine. However, at the bottom of the list, install.exe is flagged as malicious by six detections. Suspiciously, cmd.exe and conhost.exe —typically system processes—are running with commands pointing to install.bat . These are part of the info stealer component. The Crypto Miner The malware also drops an XMRig crypto miner inside explorer.exe . Previously, this miner connected to xmr.to miners.com and used maximum CPU threads after 60 minutes
No comments