Did an oops, accounts compromised
#1
Decided to reinstall MSI Afterburner the other day, ended up clicking the first link, which was an ad. Had an odd feeling about it but trucked on and brushed it off as a separate landing page for Afterburner. Windows Security detected threats while it was installing and seemingly handled them, and I decided to uninstall that Afterburner install and get it straight from MSI. Had no issues with that one, but the next morning I had multiple accounts compromised.

Someone attempted to order a 3080 Ti on my Amazon and someone successfully placed an order for a $2000 MacBook on Best Buy for pickup, but PayPal did send me a text alert warning of suspicious activity and asked me to confirm if the order was placed by me. Confirmed it wasn't me and managed to get the order cancelled. I didn't learn about the Amazon thing till later when I tried logging in, and from there found out 3 of my emails were compromised as well. I found activity history of searches for "coinbase", and my main email had filter settings changed to mark "read" and trash anything from Amazon, Best Buy, and PayPal.

Later decided to look into the Afterburner matter more, as that's the only shady thing that I could think happened recently, and sure enough found an article from last year detailing a similar site offering an Afterburner download with malicious stuff bundled in. Also scanned the malicious download as well as the official download with VirusTotal, and sure enough the malicious download showed threats (and ofc the official download was clean).

Can't 100% confirm the malicious Afterburner is what led to my accounts being compromised, but it's most likely the case. Already changed my passwords and enabled MFA on all the compromised accounts, and going to be working on everything else (all done from a separate device). Gotta reinstall Windows now, which is gonna be a joy making notes and backing things up (scanning anything backed up of course).

Always get software from the official source or trusted 3rd party, always double check the URL, use MFA/2FA, and use uBlock Origin (it would have blocked that ad I saw, but avoid any ad links if you see them anyway). Overall this has been a good learning experience, don't make my mistake.

Made a post on r/buildapc with more detail and pictures if you want to know more: https://www.reddit.com/r/buildapc/commen...terburner/


Messages In This Thread
Did an oops, accounts compromised - by David - 13th March 2022, 7:28 PM
RE: Did an oops, accounts compromised - by Matt - 14th March 2022, 12:34 AM
RE: Did an oops, accounts compromised - by FDX3 - 14th March 2022, 4:14 PM
RE: Did an oops, accounts compromised - by Northadox - 14th March 2022, 5:25 PM
RE: Did an oops, accounts compromised - by David - 15th March 2022, 2:47 AM
RE: Did an oops, accounts compromised - by bls1999 - 16th March 2022, 1:14 AM
RE: Did an oops, accounts compromised - by Northadox - 16th March 2022, 11:56 AM
RE: Did an oops, accounts compromised - by bls1999 - 16th March 2022, 9:53 PM
RE: Did an oops, accounts compromised - by Kribbles - 31st March 2022, 9:43 AM
RE: Did an oops, accounts compromised - by David - 31st March 2022, 12:42 PM
