Unknown threat actors briefly compromised CPUID’s website (cpuid[.]com) and replaced the CPU-Z and HWMonitor download links with links to trojanized installers. The installers used a malicious CRYPTBASE.dll for DLL side‑loading and anti‑sandbox evasion to deploy STX RAT, affecting over 150 victims across multiple countries and industries. #STXRAT #CPUID
Key points
- CPUID’s site was compromised from April 9 to April 10, with installer download URLs replaced by links to malicious websites.
- Trojanized distributions included a legitimate signed executable alongside a malicious DLL named “CRYPTBASE.dll” to enable DLL side‑loading.
- The malicious DLL performed anti‑sandbox checks, contacted external servers, and executed additional payloads to deploy STX RAT.
- STX RAT provides HVNC, broad infostealer and remote-control capabilities, and reused C2 infrastructure from a prior fake FileZilla campaign.
- Kaspersky identified more than 150 victims, mostly individuals in Brazil, Russia, and China, plus organizations in multiple sectors; poor attacker opsec allowed rapid detection.
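For the side-loading detail in the key points above, here is an added defensive check written for this summary; it is not code from the article, from CPUID or from Kaspersky. CRYPTBASE.dll is a Windows system DLL that belongs in System32 (and SysWOW64 on 64-bit hosts), so a copy of it lying next to an installer is the layout a side-loaded trojanized download leaves behind. The script takes a file listing (a Downloads folder, an extracted archive, or a forensic inventory), flags copies of CRYPTBASE.dll and, as illustrative additions, a couple of other system DLL names found outside the system directories, and ranks a hit higher when an executable shares the directory. The sample listing, user names and paths are constructed, and the default C:\Windows system root is an assumption.

```python
"""Flag copies of Windows system DLLs that sit outside the system directories.

A legitimate, signed executable resolves many imports from its own directory
before the system directory, so a planted DLL with a system DLL's name runs
with the executable's trust. This check reports such copies together with the
executables that would load them. Added example; not code from the article.
"""
from collections import defaultdict
from dataclasses import dataclass
from pathlib import Path, PureWindowsPath

# Windows DLL names that ship in System32. cryptbase.dll is the one named in
# the CPUID incident; version.dll and dbghelp.dll are illustrative additions
# (assumption: extend this set to match the DLLs your environment cares about).
SYSTEM_DLL_NAMES = frozenset({"cryptbase.dll", "version.dll", "dbghelp.dll"})

# Directories where a copy of these DLLs is expected. Assumes the default
# %SystemRoot% of C:\Windows; adjust for hosts installed elsewhere.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)


@dataclass(frozen=True)
class Finding:
    directory: str      # lower-cased directory holding the planted DLL
    dll: str            # lower-cased DLL file name
    executables: tuple  # .exe files in the same directory (potential loaders)
    severity: str       # "high" when an executable sits beside the DLL, else "medium"


def is_trusted_dir(directory: str) -> bool:
    """True when the directory is, or lies under, one of the trusted system dirs."""
    d = directory.lower().rstrip("\\")
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)


def find_sideload_candidates(paths, system_dlls=SYSTEM_DLL_NAMES):
    """Group paths by directory and report system-DLL names outside trusted dirs."""
    files_by_dir = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)
        files_by_dir[str(p.parent).lower()].add(p.name.lower())

    findings = []
    for directory in sorted(files_by_dir):       # sorted for deterministic output
        if is_trusted_dir(directory):
            continue
        names = files_by_dir[directory]
        planted = names & system_dlls
        if not planted:
            continue
        exes = tuple(sorted(n for n in names if n.endswith(".exe")))
        for dll in sorted(planted):
            findings.append(Finding(directory, dll, exes, "high" if exes else "medium"))
    return findings


def scan_directory(root):
    """Walk a real directory tree (e.g. a Downloads folder) and report candidates."""
    paths = [str(p) for p in Path(root).rglob("*") if p.is_file()]
    return find_sideload_candidates(paths)


# Constructed sample listing standing in for a file inventory of a host.
SAMPLE_LISTING = [
    r"C:\Windows\System32\cryptbase.dll",                  # legitimate copy
    r"C:\Windows\SysWOW64\cryptbase.dll",                  # legitimate copy
    r"C:\Windows\WinSxS\amd64_example_component\cryptbase.dll",  # component store copy
    r"C:\Users\alice\Downloads\trojanized-installer\setup.exe",
    r"C:\Users\alice\Downloads\trojanized-installer\CRYPTBASE.dll",  # planted beside an .exe
    r"C:\Users\alice\Downloads\notes.txt",
    r"C:\Temp\staging\version.dll",                        # planted, no loader present yet
    r"D:\tools\monitor\monitor.exe",
]

if __name__ == "__main__":
    for f in find_sideload_candidates(SAMPLE_LISTING):
        loaders = ", ".join(f.executables) or "no executable"
        print(f"[{f.severity}] {f.directory}\\{f.dll} beside {loaders}")
```

Run against the sample listing it reports the Downloads copy of CRYPTBASE.dll as high severity (setup.exe sits beside it) and the staging copy of version.dll as medium; the three copies under C:\Windows are ignored. On a live host, `scan_directory(r"C:\Users\alice\Downloads")` applies the same logic to real files; pairing a hit with a signature check on the DLL (system DLLs are Microsoft-signed, planted ones usually are not) is the natural next step.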
Read More: https://thehackernews.com/2026/04/cpuid-breach-distributes-stx-rat-via.html