PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Hackers Leak Private Keys for MSI Products, Making It Easier to Attack Them

A ransomware gang known as Money Message posts confidential files they stole from MSI, which contain the private signing keys for the company's firmware.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Cybercriminals could have an easier time attacking MSI laptops after a ransomware gang leaked private code signing keys for the company’s products. 

The leak sources back to a group known as Money Message, which announced last month that it had infiltrated MSI and stolen sensitive company files, including alleged source code. Money Message claims MSI refused to pay up to keep the information secret, so on Thursday, it posted the stolen data on its website on the dark web.

The ransomware group's site hosting the leaked files.
The ransomware group's site hosting the leaked files.

Cybersecurity firm Binarly analyzed the leaked files, and confirmed they contain private code signing keys for MSI’s firmware across 57 products. (Binary’s GitHub page mentions the names of all the affected models.) 

These keys are important because MSI uses them to certify a firmware update comes from the company. Otherwise, a computer can flag the software as untrusted and potentially malicious. 

Now these leaked keys could end up in the wrong hands, and be abused to sign malware disguised as MSI-related software. “The signing keys for fw [firmware] image allow an attacker to craft malicious firmware updates and it can be delivered through normal BIOS update processes with MSI update tools,” Binarly CEO Alex Matrosov tells PCMag.

Recommended by Our Editors

The Best Rugged Laptops for 2026
The Best Rugged Laptops for 2026
I Got an Early Look at Dell’s 2026 Pro Laptops. They’re a Big Shift for Its Work PCs
I Got an Early Look at Dell’s 2026 Pro Laptops. They’re a Big Shift for Its Work PCs
The Best Cheap Gaming Laptops for 2026
The Best Cheap Gaming Laptops for 2026

It's possible a malicious firmware update could be delivered through fake websites or email messages disguised as MSI. But Matrosov says the major attack vector involves the private keys being used “as a second stage payload” after the initial compromise occurs through a browser or a document-based phishing attack. Most antivirus systems would remain silent because the malware would have been digitally signed as belonging to MSI and recognized as a legitimate firmware update. 

The other problem is the leak also contains the private signing keys for Intel Boot Guard, which can verify the correct computer code is running when a PC first boots up. Binarly found private keys for Intel Boot Guard across 116 MSI products. But the company also noted Intel Boot Guard is used across the tech industry.  

"The Intel BootGuard keys leak [is] impacting the whole ecosystem (not only MSI) and make this security feature useless,” Matrosov added.   

MSI and Intel didn’t immediately respond to a request for comment, making it unclear if they can revoke the private signing keys in some fashion. For now, MSI has merely warned that customers should only install firmware and BIOS updates from the company’s official websites —not from third-party sources. 

Still, Matrosov is concerned that MSI has limited options to fix the problem. “I think for MSI it will be a complicated situation since to deliver new signing keys they still need to use leaked ones,” he said. “I don’t believe they do have any revocation mechanisms.”

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio