CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads

The CPUID website was compromised and briefly served trojanized installers of CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor that loaded a malicious cryptbase.dll via DLL sideloading. The campaign distributed the STX RAT to over 150 victims across individuals and multiple industries, with differing compromise windows reported and links to a broader 10-month operation possibly tied to a Russian-speaking actor.

Key points

  • CPUID’s website was compromised to display links to trojanized versions of CPU-Z, HWMonitor, and PerfMonitor.
  • Attackers served both ZIP archives and standalone installers that included a malicious cryptbase.dll loaded via DLL sideloading.
  • Kaspersky identified malicious installers for CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor and found over 150 victims across sectors.
  • The ultimate payload is the STX RAT, which can steal browser credentials, cryptocurrency wallets, and FTP client passwords.
  • Reported compromise windows vary (maintainer: April 10, 00:00–06:00 GMT; Kaspersky: April 9–10) and Breakglass links the incident to a longer 10-month campaign with a likely Russian-speaking actor.
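A detection sketch for the sideloading pattern described above, added here as an example and not taken from the article or from any vendor's tooling: it scans image-load records (field names follow Sysmon Event ID 7, `Image` and `ImageLoaded`) and flags cryptbase.dll loaded from anywhere other than the Windows system directories. The trusted-directory list, the executable names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: the only legitimate load locations for cryptbase.dll.
TRUSTED_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}
TARGET_DLL = "cryptbase.dll"


def _norm(path):
    """Collapse '..' segments and case so path tricks cannot hide the real directory."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def find_sideloads(events, target=TARGET_DLL, trusted=TRUSTED_DIRS):
    """Return image-load events where `target` was loaded from an untrusted directory."""
    hits = []
    for ev in events:
        loaded = _norm(ev.get("ImageLoaded", ""))
        if ntpath.basename(loaded) != target:
            continue
        dll_dir = ntpath.dirname(loaded)
        if dll_dir in trusted:
            continue
        proc = _norm(ev.get("Image", ""))
        hits.append({
            "process": ev.get("Image"),
            "dll": ev.get("ImageLoaded"),
            # Classic sideloading: the DLL sits next to the executable that loads it.
            "same_dir_as_exe": ntpath.dirname(proc) == dll_dir,
        })
    return hits


# Constructed sample events (not taken from the incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\a\Downloads\cpu-z\cpuz_x64.exe", "ImageLoaded": r"C:\Users\a\Downloads\cpu-z\CRYPTBASE.dll"},
    {"Image": r"C:\Program Files\App\app.exe", "ImageLoaded": r"C:\Windows\System32\cryptbase.dll"},
    {"Image": r"C:\Tools\hwm\HWMonitor.exe", "ImageLoaded": r"C:\Windows\System32\..\Temp\cryptbase.dll"},
    {"Image": r"C:\Tools\hwm\HWMonitor.exe", "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(hit)
```
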

Read More: https://www.securityweek.com/cpuid-hacked-to-serve-trojanized-cpu-z-and-hwmonitor-downloads/