CPUID Website Compromised: CPU-Z and HWMonitor Serve Malware

CPUID, the maker of CPU-Z and HWMonitor, was compromised through a secondary API that redirected legitimate update requests to a malicious domain for about six hours between April 9 and April 10, delivering a trojanized installer. The multi-stage info-stealer ran entirely in memory, used a fake CRYPTBASE.dll, and shared infrastructure with an earlier FileZilla campaign; CPUID has confirmed the incident and says the vulnerability is fixed.

Keypoints

  • CPUID’s website was altered via a secondary API, redirecting updates to a malicious domain for approximately six hours.
  • Users downloading updates received a trojanized installer, exemplified by “HWiNFO_Monitor_Setup.exe.”
  • The attack used a malicious CRYPTBASE.dll to masquerade as a legitimate Windows library.
  • The multi-stage payload runs entirely in memory to evade detection and deploys an info-stealer targeting browser credentials, passwords, and crypto wallets.
  • The campaign shares infrastructure with a previous FileZilla incident, and CPUID has confirmed the breach and remediation.
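One defender-side check this incident suggests, added here as an example that is not from the article or from CPUID: walk a download or extracted-installer tree, flag any DLL that carries the name of a Windows system library (CRYPTBASE.dll is the one named in the write-up; the watch list and the Windows directory layout are assumptions) but sits outside System32/SysWOW64, and compare it against the real system copy when one exists.

```python
import hashlib
import os
import sys
from pathlib import Path

# DLL names worth flagging when found outside the Windows system directories.
# CRYPTBASE.dll comes from the incident write-up; the rest of the list is left
# to the reader (assumption: extend with other commonly sideloaded libraries).
WATCHED_DLLS = {"cryptbase.dll"}

# Where these libraries legitimately live (assumed standard Windows layout).
_SYSROOT = Path(os.environ.get("SystemRoot", r"C:\Windows"))
SYSTEM_DIRS = [_SYSROOT / "System32", _SYSROOT / "SysWOW64"]


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_sideload_candidates(root, system_dirs=None, watched=WATCHED_DLLS):
    """Return (path, verdict) for every watched DLL name under root that is
    not inside a system directory. verdict is 'hash-mismatch' when a system
    copy exists and its bytes differ, 'matches-system-copy' when identical,
    and 'unverified' when no system copy could be found to compare against."""
    root = Path(root)
    system_dirs = [Path(d) for d in (system_dirs or SYSTEM_DIRS)]
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.name.lower() not in watched:
            continue
        if any(path.resolve().is_relative_to(d.resolve())
               for d in system_dirs if d.exists()):
            continue  # the genuine system copy, not a drop next to an installer
        verdict = "unverified"
        for d in system_dirs:
            for ref in d.glob("*"):  # case-insensitive name match
                if ref.is_file() and ref.name.lower() == path.name.lower():
                    verdict = ("matches-system-copy"
                               if sha256_of(ref) == sha256_of(path)
                               else "hash-mismatch")
                    break
        findings.append((str(path), verdict))
    return findings


if __name__ == "__main__":
    for p, v in find_sideload_candidates(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{v}: {p}")
```

A hash-mismatch or unverified hit next to a freshly downloaded installer is the pattern described above and warrants quarantining the download rather than running it.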

Read More: https://dailydarkweb.net/cpuid-website-compromised-cpu-z-and-hwmonitor-serve-malware/